Tuesday, 8 April 2014

Exploiting Lawful Intercept - Unauthorized Internet Wiretapping

Pakistan Black Hat Hackers


For many years people have been debating whether or not surveillance capabilities should be built into the Internet. Cypherpunks see a future of perfect end to end encryption while telecom companies are hard at work building surveillance interfaces into their networks. Do these lawful intercept interfaces create unnecessary security risks?

This talk will review published architectures for lawful intercept and explain how a number of different technical weaknesses in their design and implementation could be exploited to gain unauthorized access and spy on communications without leaving a trace. The talk will explain how these systems are deployed in practice and how unauthorized access is likely to be obtained in real world scenarios. The talk will also introduce several architectural changes that would improve their resilience to attack if adopted. Finally, we'll consider what all this means for the future of surveillance in the Internet - what are the possible scenarios and what is actually likely to happen over time.


ClickJacking From Basic to Advanced Level

Click jacking


Clickjacking is a technique that can be used to trick users into performing unintended actions on a website by formatting a web page so that the victim clicks on concealed links, typically hidden within an IFRAME. However, in comparison to other browser-based attacks such as XSS (Cross-site Scripting) and CSRF (Cross-site Request Forgery), Clickjacking has until now been regarded as a limited attack technique in terms of consequences for the victim and the scenarios in which it can be used. During this talk I will demonstrate that this assumption is incorrect, and that today's Clickjacking techniques can be extended to perform powerful new attacks that can affect any web application.

This talk will cover the basics of Clickjacking, quickly moving on to more powerful, newly developed techniques. The presentation will explore the ways in which a user can be tricked into interacting with a victim website and how these can lead to attacks such as injecting data into an application (bypassing all current CSRF protections) and the extraction of data from websites without the user's knowledge. The demo will show several cross-browser techniques, and newly released browser-specific vulnerabilities in Internet Explorer, Firefox and Safari/Chrome that can be used to take full control of a web application.

I will also be demonstrating and releasing a new tool that allows for easy point-and-click creation of multi-step Clickjacking attacks on any web application, by visually selecting the links, buttons, fields and data to be targeted. The tool will highlight the need for improved Clickjacking defences in both browsers and web applications.
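
The web-application side of the defences mentioned above, as an added example that is not part of the original talk or post: a JavaScript function that reads a response's headers and reports who is allowed to load the page inside a frame. The function names and sample values are assumptions for illustration; `X-Frame-Options` and the CSP `frame-ancestors` directive are the standard anti-framing headers, which the abstract itself does not name.

```javascript
// Added example (not from the original page). Header names are expected
// lower-cased; every sample value used with it is constructed.
const RANK = { none: 0, restricted: 1, any: 2 };

// Classify one frame-ancestors source list.
function classifySources(sources) {
  if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) return 'none';
  // '*' or a bare scheme lets an arbitrary origin embed the page.
  if (sources.some(s => s === '*' || s === 'http:' || s === 'https:')) return 'any';
  return 'restricted';
}

// Strictest frame-ancestors result across all enforced policies, or null if
// no policy carries the directive. Comma-joined policies are all enforced.
function fromCsp(csp) {
  let result = null;
  for (const policy of (csp || '').split(',')) {
    const directive = policy.split(';').map(d => d.trim().toLowerCase().split(/\s+/))
      .find(tokens => tokens[0] === 'frame-ancestors'); // first occurrence wins
    if (!directive) continue;
    const level = classifySources(directive.slice(1));
    if (result === null || RANK[level] < RANK[result]) result = level;
  }
  return result;
}

// Who may frame a response with these headers: 'none', 'restricted' or 'any'.
function framingVerdict(headers) {
  // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
  // content-security-policy-report-only is not consulted: it blocks nothing.
  const csp = fromCsp(headers['content-security-policy']);
  if (csp !== null) return csp;
  const xfo = new Set((headers['x-frame-options'] || '').split(',')
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  const valid = ['deny', 'sameorigin', 'allowall'].filter(v => xfo.has(v));
  // HTML Standard processing: conflicting values block, all-invalid is ignored.
  if (xfo.size > 1) return valid.length ? 'none' : 'any';
  if (xfo.has('deny')) return 'none';
  if (xfo.has('sameorigin')) return 'restricted';
  return 'any'; // missing, ALLOWALL, ALLOW-FROM or unknown: no protection
}
```

A verdict of `'any'` on a page that performs state-changing actions means the response can be embedded by an arbitrary origin and needs `frame-ancestors` (or `X-Frame-Options`) set.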