Exploiting A Hundred-Million Hosts Before Brunch

Presented at DEF CON 16 (2008), Aug. 10, 2008, 10 a.m. (20 minutes)

If you were to "hack the planet" how many hosts do you think you could compromise through a single vulnerable application technology? A million? A hundred-million? A billion? What kind of application is so ubiquitous that it would enable someone to launch a planet-wide attack? - why, the Web browser of course! We've all seen and studied one side of the problem - the mass-defacements and iframe injections. But how many vulnerable Web browsers are really out there? How fast are they being patched? Who's winning the patching race? Who's the tortoise and who's the hare? Our latest global study of Web browser use (tapping in to Google's massive data repositories) has revealed some startling answers along with a new perspective on just how easy it would be to "hack the planet" if you really felt like it.

Paper Download and Contact
--------------------------
W: http://www.techzoom.net/insecurity-iceberg
M: insecurity-iceberg@ee.ethz.ch

Presenters:

  • Stefan Frei - Security Researcher
    Stefan Frei has refined and exercised his pentesting, consulting, and security research skills daily for more than a decade. After several years with the ISS X-Force, he decided to go for a PhD to combine academic research with his experience gained in the field. His research interests are the vulnerability ecosystem, security econometrics, and networking security. As a licensed helicopter and fixed-wing aerobatic pilot he is used to looking ahead and thinking outside the box. He is a frequent contributor to security conferences, such as BlackHat or FIRST.
  • Thomas Duebendorfer - Security Researcher
    Thomas Duebendorfer works on the security of Google's online ad system as a software engineer tech lead at Google Switzerland GmbH in Zurich. He is currently the president of the Information Security Society Switzerland (ISSS) and also a lecturer at ETH Zurich, the Swiss Federal Institute of Technology. He has earned a Ph.D. and an M.S. degree with honors with distinction from ETH Zurich.
  • Martin May - Security Researcher
    Martin May received his Master's degree in computer science from the University of Mannheim in 1996. In 1999, he received his Ph.D. degree at INRIA Sophia Antipolis. During his PhD, he was also a technical staff member of Lucent Bell-Labs Research, Holmdel, USA and Sprintlabs, Burlingame, USA, where he continued his research. In early 2000, he founded a start-up company in France, where he worked in the field of Content Networking, and sold it at the end of 2003. Since then, he has been a senior research associate at the Swiss Institute of Technology in Zurich (ETH Zurich). His research interests are in future Internet architectures and network security. Dr. May has chaired multiple workshops and conferences on network security and has also served on technical program committees for many networking conferences.
  • Gunter Ollmann - Security Researcher
    Gunter Ollmann has been paid to break into the largest and best-known organizations around the world for the last decade, has led some of the world's best-known penetration testing teams and most respected security R&D divisions and, when not writing yet another whitepaper or blogging on security, he's crystal-balling the threats and countermeasures for three years hence. Google Search is a wonderful thing, and with a name as unique as his, there's nowhere to hide.