Windows 7 vulnerabilities and the Conficker worm will be among the topics under scrutiny at the Hack In The Box Security Conference (HITB ) held in Dubai. "A lot of time and energy is spent looking at cross-domain issues in web applications. However, there's little point having a secure web application if the underlying platforms, such as Web browsers and common Web plugins, have cross-domain issues themselves." Evans will present a paper on cross-domain vulnerabilities with Billy Rios, a security engineer at Microsoft. "We'll be demonstrating some cross-domain bugs in browsers. We'll also be recapping and presenting some advances in areas where the underlying web model unfortunately permits some cross-domain leaks," Evans said.

Full Article