[NBLUG/Announce] General Meeting 2009-10-13: Hijacking Web 2.0 Sites with SSLstrip and Slowloris
Kyle Rankin
kyle at nblug.org
Mon Oct 5 16:52:25 PDT 2009
Start: 2009/10/13 - 7:30pm
End: 2009/10/13 - 9:00pm
Location:
O'Reilly, Sebastopol, CA
http://nblug.org/genloc
Speaker: Sam Bowne
Description:
Many Websites mix secure and insecure content on the same page, like
Facebook. This makes it possible to steal all the data entered on such
a page easily, using Moxie Marlinspike's SSLstrip tool. I will explain
and demonstrate this attack.

Slowloris is a very new layer 7 denial-of-service attack created by
RSnake that stops Apache web servers completely with very low
bandwidth--one packet every 2 seconds. The Apache developers were
notified of this vulnerability and decided it was unimportant and not
worth patching. I will explain and demonstrate this attack, and discuss
various ways to protect your Apache servers.

I will hand out complete instructions so that anyone can easily set up
both these attacks on their own machines.

Sam Bowne has been teaching computer networking and security classes at
CCSF since 2000. He has given talks at DEFCON and Toorcon on Ethical
Hacking, and taught classes and seminars at many other schools and
teaching conferences.

He has a B.S. in Physics from Edinboro University of Pennsylvania and a
Ph.D. in Physics from University of Illinois, Urbana-Champaign. His
Industry Certifications are: Certified Ethical Hacker, Microsoft: MCP,
MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic
Technician.

--
Kyle Rankin
NBLUG President
The North Bay Linux Users' Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug
kyle at nblug.org