ST

Shawn Moyer and Nathan Hamiel gave an interesting talk at Defcon 17 titled "Weaponizing the Web: New Attacks on User-generated Content". Here is the abstract in their own words: "Ultimately, basing the value proposition of your site on user-generated and external content is a kind of variant on Russian Roulette, where in every turn the gun is pointed at your head, regardless of the number of players. You may win most of the time, but eventually a bullet is going to find its way into the chamber with your name on it.

We spent some time last year looking at this problem as it related specifically to Social Networks, but that left a lot of the territory unexplored. This time around we'll be talking about a previously unnoticed attack vector for lots and lots of web applications with user-generated content, and releasing a handy tool to exploit it. Bundled in are some thoughts on Web 2.0 attack surface, a few new exploitation techniques, and as in last year, a hefty helping of lulz, ridicule, and demos-of-shame at the expense of a few of your and (our) favorite sites."

There is an interesting post on Fishnet Security about the talk which might want to read. You can download the presentation slides here and the tool here. You can visit their website for more information. Thanks to Vim EeeeOOO for posting this video.