-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Will anyone on this list be at DEFCON 17? The following talk looks "interesting"....
*** eXercise in Messaging and Presence Pwnage Ava Latrope Security Consultant, iSEC Partners eXtensible Messaging and Presence Protocol, or XMPP, is a is a set of specialized XML-based protocols that are an increasingly popular choice for a variety of middleware applications. It's a sprawling project implemented differently by many popular projects and services, and is used for purposes ranging from chat rooms and video conferencing to control channels for mobile devices. It combines a myriad of confusing buffet-style design options with all of the traditional weaknesses of XML security. XML parsing is a fragile art and many (if not most) implementations are vulnerable to DOS attacks, such as knocking the other users of a chatroom offline. I take a look at how those issues play out in IM clients and open source servers. *** http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Latrope Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpBVe0ACgkQNL8k5A2w/vyWOQCcCiMSREeSN1neCIW7E7kYZFDy nt0AnRjhMYog79i4CNZOWVy8Y69wdsap =RlwZ -----END PGP SIGNATURE-----
