26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

FX of Phenoelit
Day Day 2 - 2009-12-28
Room Saal1
Start time 20:30
Duration 01:00
ID 3494
Event type Lecture
Track Hacking
Language used for presentation English

Defending the Poor

Preventing Flash Exploits

The talk will discuss a class of in-the-wild malware and exploits, reasons for it's success as well as reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released.

The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world.