Not me
Ekr
On Jun 23, 2009, at 3:23 PM, Peter Saint-Andre <[email protected]> wrote:
Will anyone on this list be at DEFCON 17? The following talk looks
"interesting"....
***
eXercise in Messaging and Presence Pwnage
Ava Latrope Security Consultant, iSEC Partners
eXtensible Messaging and Presence Protocol, or XMPP, is a set of
specialized XML-based protocols that are an increasingly popular choice
for a variety of middleware applications. It's a sprawling project
implemented differently by many popular projects and services, and is
used for purposes ranging from chat rooms and video conferencing to
control channels for mobile devices. It combines a myriad of confusing
buffet-style design options with all of the traditional weaknesses of
XML security. XML parsing is a fragile art and many (if not most)
implementations are vulnerable to DOS attacks, such as knocking the
other users of a chatroom offline. I take a look at how those issues
play out in IM clients and open source servers.
***
http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Latrope
Peter
- --
Peter Saint-Andre
https://stpeter.im/