Currently, UNICODE is getting more and more popular in computing world. With an initiative to register domain names with UNICODE characters, the world will see even more prevalent use of UNICODE. Such widespread use of UNICODE opens the door to some attack vectors (specially spoofing etc) which were slightly harder to perform. The talk will discuss 3 such attacks (extension spoofing, URL spoofing, and phishing) using RTLO, LTRO and some other special properties of UNICODE. Demo and proof of concept codes will be presented for each attack. The talk will also discuss about countermeasures for such attacks.
About the Speaker: Ankur Vats is an independent security researcher specialising in web security and related fields. His areas of expertise are web security, network security and secure coding practices. He can be reached on facebook (ankur.vats.735), and email (firstname.lastname@example.org).
AppSec professional with varied experience in consulting and product development domains. Other interest includes - infrastructure and mobile security.
Starts at Saturday October 18 2014, 05:45 PM. The sessions runs for 30 minutes.