London, UK – August 28, 2013 – IOActive, Inc., the leading global provider of specialist information security services, today announced that Chris Valasek, director of security intelligence for the company, will be presenting his findings of string allocations for Microsoft’s IE9 web browser.
The presentation will take place during the Briefings section of the Nordic Security Conference, which takes place this week – 29 to 30 August – in Reykjavik, Iceland.
Valasek’s presentation will focus on how the allocation of memory, specifically user-controlled strings, has played a major role in browser exploitation, especially with regards to heap spraying. The underlying knowledge of JavaScript string allocations was widespread for Internet Explorer 6 through 7. However, while heap spray attacks adapted to changes in Internet Explorer 8 through 9, public foundational knowledge did not keep pace.
Finally, the presentation will cover the brief history of string allocations from Internet Explorer 6 to Internet Explorer 8 and explore current memory management methods for Internet Explorer 9. It will conclude with a look at how newly acquired knowledge can be useful for browser exploitation.
Details of the presentation:
WHAT: An Examination of String Allocations: IE-9 Edition
WHERE: Hilton Reykjavik Nordica, Reykjavik, Iceland
WHEN: Thursday August 29, 2013 at 17:20pm
About Nordic Security Conference 2013
The Nordic Security Conference (NSC) is the most technically-focused computer security conference in Scandinavia. The purpose of NSC is to foster a sense of community in and enhance the knowledge of the computer security communities in Scandinavian countries by hosting the best ideas and training from around the world.
About Christopher Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive. At IOActive Valasek specialises in attack methodologies, reverse engineering and exploitation techniques. While widely regarded for his research on Windows heap exploitation, Valasek also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.
About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.
-###-