Thursday, August 16th, 2007

Dude… where’s my passport?!?!

The XS-Snipers are ready to roll to Malaysia.  We’ll be presenting at HITB 2007 on the 6th of September.  Our talk will be on some new DNS Rebinding attacks that are pretty legit.  It will be nice to finally meet Martin Johns (the guy who basically brought DNS Rebinding pinning back from the dead).  I’ll be sure to buy him a couple beers and pick his brain!  It will also be really cool if we could meet Mark Abene (Phiber Optik) and Emmanuel Goldstein, those two are larger than life in my book!  We might also give a teaser or two about some new attacks we pulled off with the URI abuse. 

We’ve had an interesting couple of weeks recovering from DEFCON, including some discouraging feedback about our “disclosure policy”… perhaps we should actually get one of those someday.  Surprisingly enough, it wasn’t from the folks at Mozilla, who were actually quite cool and just asked us to work with them in the future (which we will).   

We’ve just been featured on /. which has linked to an interview we did with Robert from IDG.  Article was pretty nice, however, it’s received some /. criticism for lack of technical content…  We also leaked a little pre-release information about a new piece of URI Use and Abuse we are playing with… this one allows us to steal data from a user’s computer thru an XSS exposure and a URI abuse.  Interestingly enough, we’ve been blasted a bit on /. because we haven’t released the details of the flaw.  Sometimes you can’t win the disclosure game (as I’m sure other security researchers have encountered).  We’ve gone through vendor disclosure, third party disclosure, and full disclosure, and we’ve been criticized each and every time….  We’ve got the FULL PoC ready and we’ll release when we’re ready (shoutz to ROB CARTER for all his actionscript and server side skillz!).  I’m sure we’re not alone with our experiences; shoot me an email if you have an interesting disclosure story…

Finally…..  I’m sad to say that Mark Hinge and Mark Anderson of Whitedust have hung their hats up!  I’ve been a fan of Whitedust over the last few years….you’ll be missed….  If you’re ever in the Seattle area, look me up…   

-BK and Nate

Posted by xssniper | Filed in Uncategorized