[Full-disclosure] [TAUSEC] Next meeting of TAUSEC on Feb 11, 6 P.M
Edward Aronovich
eddiea at tau.ac.il
Fri Feb 2 06:40:49 GMT 2007
The Security Forum, TAUSEC at Tel Aviv University, next lecture will be on Feb 11 at 18:00 (6 P.M)
Location: Tel Aviv University Lev Auditorium
Map: http://www2.tau.ac.il/map/unimapl1.asp
Attendance is free, light refreshments will be served
Schedule:
---------
18:00 Economic analysis of globally deployed attach counter-measures - Shachar Shemesh Lecture level: high level, no technical knowledge required
Abstract:
The lecturer will try to prove, using nothing but a few
hand gestures and 12 coins, that the time is not yet ripe to
deploy outgres filtering world wide. We will try to analyze
what may cause the balance to tip, and will outline the
lecturer very private, and somewhat insane, idea of how the
world will slowly change once the tipping point arrives.
19:00 - Break
19:20 - IE Exploits Treats - History, JavaScript evasion techniques,
Heap Spray, Ajax worms - Dror Shalev
Level: Technical / Very High Level
Title: IE Exploits Treats - History, JavaScript evasion techniques, Heap Spray, Ajax worms
In the "IE Exploits Treats" I will show lots of code and techniques ,
but will not include 0 days exploits.
The "JavaScript evasion techniques" research include the following demos :
http://www.drorshalev.com/dev/metascripts/
the "History" section include :
https://secure11.brinkster.com/drorshalev/checkpoint/products/main.htm
the "Heap Spray" include : Internet Exploiter , PwnZilla By SkyLined
MS07-004 VML integer overflow exploit , Moti Joseph
browserfun by HDM , metasploit
setRequestHeader(), setSlice(), createTextRange()
the "Ajax worms" include :
An analysis of the 180 Solutions Trojan - 2003
Yahoo & Hotmail Potential web-based e-mail worm - 2003
Samy is my Hero -MySpace - 2005
Visit our web site at: http://www.cs.tau.ac.il/tausec/
C U,
Eddie
Full-Disclosure is hosted and sponsored by Secunia.