Hackers of India

Lessons Learned From 2010

Saumil Shah

2011/02/25


Presentation Material

Abstract

2010 taught us many lessons in computer security – the hard way. Attack techniques have undergone a paradigm shift. 2000 was the year of the “full frontal” attack, as I call it. The first line of defence was the network perimeter.

Today the first attacks are delivered straight to the end user’s desktop, and the weakest spot in the armour is the human mind. Weaknesses in web applications, the heavy penetration of social networking into day-to-day life and fantastically complex desktop software have given birth to new exploit vectors and techniques.

How will the threat landscape change with the advent of new technologies and services? New standards are emerging, and the darling child of the web is HTML 5. A closer look at the standards reveals an awful mess. Are the standards mitigating any security concerns? More importantly, will browser vendors and web application developers really respect the standards? The browser wars taught us that “might is right”. If everyone breaks the web, that becomes the newly adopted standard. New technologies, coupled with popular online services, make for some very interesting exploit delivery techniques.

This talk explores some innovative exploit delivery techniques arising out of broken standards, poor trust relationships and bloated desktop software. This talk ends with a discussion on exploit sophistication and the shape of things to come for 2011.