Description: https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-itzik_kotler-tomer_bitton-day_of_updates.pdf
Software updates apply patches or introduce new features to an application. In most cases, the update procedure is conducted in an insecure manner, exposing the updater to execution of malicious code or to manipulation of application data such as anti-virus signatures.
This presentation will describe in detail different application-update procedures. It will then demonstrate several techniques of update-exploitation attacks, and introduce a new tool, which leverages a man-in-the-middle technique, to build and inject a fake update reply or hijack an on-going update session.
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 17 , Defcon 17 , dc-17 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.