Misuse of "Secure" Protocols and Their Exploitation
Author: Vladimir Dubrovin
It’s a common situation when protocols designed for information protection are used without understanding their purpose, specification and limits. This results in serious flaws, which at best make the protection useless, and in worst case scenarios bring new, much more serious security problems. The talk will cover cases of protocol misuse, both well-known (related to SSL/TLS and Onion Routing) and previously unexamined. The speaker will demonstrate new attack vectors and expose several 0-day vulnerabilities (in Google, Yandex, and Mail.ru).
Vladimir Dubrovin (aka 3ARA3A) is a graduate of the Lobachevsky State University of Nizhni Novgorod (Department of Computing Mathematics and Cybernetics), the editor of securityvulns.ru and developer of 3proxy.