Why send someone an executable when you can just send them a sidebar gadget?
We will be talking about the windows gadget platform and what the nastiness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.
We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.
My name is Mickey Shaktov (AKA Laplinker), I am from Israel and am an Information systems engineer graduated at the BGU. I am currently unaffiliated to any corporation, Previously I have worked for Intel Corporation as a security researcher and evaluator, breaking software, firmware and hardware. A proud DC9723 member, not a mossad agent, breaker of code, researcher of vulnerabilities that will never see the light of day and a guy who will allways say what is on his on mind so brace your selves.
Toby is a senior information security technologist for a Fortune 50 company and has been working in infosec since 1999. He has worked on a large number of different technologies in the information security space. His primary job is new technology evaluation, penetration, and defense. Recently he has been focusing on cloud and virtualization security