Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May
If you were to "hack the planet" how many hosts do you think you could compromise through a single vulnerable application technology? A million? A hundred-million? A billion? What kind of application is so ubiquitous that it would enable someone to launch a planet-wide attack? - why, the Web browser of course! We've all seen and studied one side of the problem - the mass- defacements and iframe injections. But how many vulnerable Web browsers are really out there? How fast are they being patched? Who's winning the patching race? Who's the tortoise and who's the hare? Our latest global study of Web browser use (tapping in to Google's massive data repositories) has revealed some startling answers along with a new perspective on just how easy it would be to "hack the planet" if you really felt like it.
August 10, 2008, DEFCON 16