Confirmed: JavaScript Hijacking and DNS Rebinding - OWASP Meeting
05/25/2010 -
Chair:
Josh Sokol/AUS/NIC
Sent By:
josh.sokol at ni.com
Location:
National Instruments - Building C - Conference Room 1S13
josh.sokol
Josh Sokol has confirmed this meeting
FYI:
When: May 25, 2010, 11:30am - 1:00pm
Topic: Javascript Hijacking
This attack is an offshoot of Cross-Site Request Forgery (CSRF) and is
common when AJAX is involved. It was well publicized in 2007 when the
gmail contact list was found by Jeremiah Grossman to be vulnerable to it.
This presentation will include a technical explanation of the attack, a
demonstration, and a discussion.
Who: Ben Broussard (UT Austin)
Ben Broussard is a developer for the University of Texas at Austin with
an academic background in mathematics, specifically cryptography. At UT
he has translated and prioritized web application attacks in relation to
the environment that the developers are working in. Ben is currently
leading a web application security focused team of developers from
different departments around campus.
Topic: Attacking Intranets from the Web Using DNS Rebinding
DNS Rebinding works by implementing code that circumvents the web
browser's same-origin policy and penetrates your private network. The
exploit was popularized by RSnake in 2009. This presentation will explore
how DNS Rebinding works, a walk-thru of a running demo, and what it means
to your organization.
Who: James Wickett (National Instruments)
James is the current Vice President of the Austin OWASP chapter and the
former President. He works for National Instruments as a Web Systems
Engineer in the R&D department. Current certifications: CISSP, GCFW, GWAS
Where: National Instruments, 11500 N Mopac, Building C which is the
tallest building on campus (8 levels). There will be signs posted in the
lobby to direct you where to go and the receptionists will be able to
assist you as well. See directions to National Instruments.
Cost: Always Free
Questions or help with Directions... call: Josh Sokol (512) 619-6716.
RSVP on the Austin OWASP Ning Site
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100524/45c3ddfa/attachment-0002.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 3226 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100524/45c3ddfa/attachment-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100524/45c3ddfa/attachment-0002.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic22403.gif
Type: image/gif
Size: 2043 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100524/45c3ddfa/attachment-0003.gif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100524/45c3ddfa/attachment-0003.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: c175520.ics
Type: application/octet-stream
Size: 3226 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100524/45c3ddfa/attachment-0001.obj