How I Met Your Girlfriend

Presented at DEF CON 18 (2010), Aug. 1, 2010, 1 p.m. (50 minutes)

How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more.

Presenters:

• Samy Kamkar
  Samy Kamkar is best known for the Samy worm, the first XSS worm, infecting over one million users on MySpace in less than 24 hours. A co-founder of Fonality, Inc., an IP PBX company, Samy previously led the development of all top-level domain name server software and systems for Global Domains International (.ws). In the past 10 years, Samy has focused on evolutionary and genetic algorithmic software development, Voice over IP software development, automated security and vulnerability research in network security, reverse engineering, and network gaming. When not strapped behind the Matrix, Samy can be found stunt driving, getting involved in local community service projects, and continuing his focus on staying out of jail.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Kamkar
• https://infocon.org/cons/DEF CON/DEF CON 18/DEF CON 18 video and slides/DEF CON 18 - Samy Kamkar - How I Met Your Girlfriend - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=fWk_rMQiDGc

Similar Presentations:

• ShmooCon I (2005) / The Evils of XSS: Its not just for cookies anymore
• ToorCon: Seattle 2011 / XSS Without the Browser
• Black Hat USA 2010 / How I Met Your Girlfriend