Presentation Title: Cross Domain Leakiness: Divulging Sensitive Information and Attacking SSL Sessions
Presentation Abstract:

In this presentation, we’ll see that cross-domain issues are still relatively common in browsers. The cross-domain issues can be split into two groups. First, there are out-and-out bugs that can be fixed relatively easily. These bugs tend to be in the less common cross-domain functional areas, and are often introduced with new cross-domain capable features. Interesting examples of such bugs will be discussed, and some new examples released.

Secondly, there are cross-domain leakages resulting from how browsers generally work by design or intent. These are unfortunately hard to fix without breaking things, and the regrettable consequence is often that web app developers have to beware of an increasing list of dangers. We will look at some new pitfalls here in the areas of cross-domain CSS, scripting and cookie handling.

Finally, there will be an interesting diversion that takes “sidejacking” to the max — looking at what you really can do if you are an active man-in-the-middle attacker looking to attack a victim who is carefully using only SSL sessions.

About Chris

Chris is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. He releases vulnerabilities at http://scary.beasts.org/. His work includes vulnerabilities in the Firefox, Safari and IE browsers; the Linux and OpenBSD kernels; Sun’s JDK; and lots of open source packages. He blogs about some of his work at http://scarybeastsecurity.blogspot.com/. At Google, Chris has led or been involved with the security of projects such as Google App Engine, Google Chrome, Google Spreadsheets, Picasa Web, Google Finance, Gmail, etc. Chris has a Masters from the University of Oxford and occasionally presents at security conferences such as PacSec.

** Note: Chris Evans will be presenting this paper with Billy Rios