Presentations - Handcrafting ASCII Flash Files for Fun and Profit

  • Location: Security Theater
  • Speaker: Gábor Molnár
  • Date and time: 10. October 2014. 12:40 - 13:25

Rosetta Flash was one of the most hyped web vulnerabilities of this year that affected a large number of high profile websites and was also nominated

The basic idea behind the vulnerability is not new: a researcher published it in 2013, but to successfully exploit it, one needs to create Flash files that consist of only ASCII numeric and alphabetic characters. This was believed to be an unsolvable problem until recently. I will talk about how this was solved by my "ascii-zip" algorithm that was used in the famous Rosetta Flash tool. After explaining the technical details, the background story of the disclosure of the vulnerability will also be shared, and this will also explain why the discovery of this vulnerability is attributed to a Google engineer.

