Why send someone an executable when you can just send them a sidebar gadget? We will be talking about the windows gadget platform and what the nastyness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.
We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.
Mickey Shkatov AKA "Laplinker" , is a proud DC9723 member, not a Mossad agent, a breaker of code, a researcher of vulnerabilities that will never see the light of day, a lunatic and a fun guy to drink with. Twitter: @laplinker http://www.laplinker.com
Toby Kohlenberg is an opinionated loud mouth who occasionally has interesting insights and useful things to say about a wide variety of information security topics. He's worked on a large number of different technologies in the information security space. Past speaker at: T2, Shmoocon, Toorcon Seattle, PacSec and CanSecWest.