Hacking Intranet Websites From The Outside (Take 2)–Fun With And Without Javascript Malware presented at Blackhat USA 2007

by Robert Hansen (SecTheory)

Tags: Security Malware

Summary: Attacks always get better, never worse. The malicious capabilities of Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), coupled with JavaScript malware payloads, exploded in 2006. Intranet Hacking from the Outside, Browser Port Scanning, Browser History Stealing, Blind Web Server Fingerprinting, and dozens of other bleeding-edge attack techniques blew away our assumptions that perimeter firewalls, encryption, A/V, and multi-factor authentication can protect websites from attack.

Robert Hansen: Robert Hansen (CEO and Founder of SecTheory) has worked for Digital Island, Exodus Communications and Cable & Wireless in roles ranging from Sr. Security Architect to product manager of many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies. Mr. Hansen authors content on O'Reilly and co-authored "XSS Exploits", published by Syngress. He sits on the NIST.gov Software Assurance Metrics and Tool Evaluation group, focusing on web application security scanners, and on the Web Application Security Scanners Evaluation Criteria (WASC-WASSEC) group. He has also briefed the DoD at the Pentagon and speaks at SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, World OWASP/WASC conferences, SANS, Microsoft's Bluehat, Blackhat, DefCon and Networld+Interop, and has been the keynote speaker at the New York Cyber Security Conference, NITES and OWASP Appsec Asia. Mr. Hansen is a member of Infragard, the Austin Chamber of Commerce, West Austin Rotary, WASC, IACSP and APWG; he is the Industry Liaison for the Austin ISSA and contributed to the OWASP 2.0 guide.