DeepSec2015 Talk: Hacking Cookies in Modern Web Applications and Browsers – a short Interview with Dawid Czagan

Sanna/ October 1, 2015/ Discussion, Interview, Security

You don’t have to be the cookie monster to see cookies all around us. The World Wide Web is full of them. Make sure not to underestimate their impact on information security. Dawid Czagan will tell you why.

1) Please tell us the top 5 facts about your talk.

The following topics will be presented:

– cookie-related vulnerabilities in web applications
– insecure processing of secure flag in modern browsers
– bypassing HttpOnly flag and cookie tampering in Safari
– problem with Domain attribute in Internet Explorer
– underestimated XSS via cookie
– and more

2) How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

I noticed that cookie-related problems are underestimated. People claim, for example, that XSS via cookie requires


DeepSec 2011 – Video Interviews

René Pfeiffer/ November 24, 2011/ Press

A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about security and the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions to it. Watch the video and listen to the interview.

Video: Interview C. Patsakis Sicherheit in Autos (3:08)

Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network.

Video: Interview Harald
