Description: https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-ava_latrope-excersise_in_messaging.pdf
eXtensible Messaging and Presence Protocol, or XMPP, is a is a set of specialized XML-based protocols that are an increasingly popular choice for a variety of middleware applications. It's a sprawling project implemented differently by many popular projects and services, and is used for purposes ranging from chat rooms and video conferencing to control channels for mobile devices. It combines a myriad of confusing buffet-style design options with all of the traditional weaknesses of XML security. XML parsing is a fragile art and many (if not most) implementations are vulnerable to DOS attacks, such as knocking the other users of a chatroom offline. I take a look at how those issues play out in IM clients and open source servers.
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 17 , Defcon 17 , dc-17 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.