In this talk I will look at new types of vulnerabilties that may have disastrous consequences, but for which it is difficult to point at any particular bug in the software stack. In particular, I will discuss how Google allows attackers that compromise your PC to also own your phone (thereby killing SMS-based two-fact authentication), a new attack on Windows-based systems that allows an attacker to completely pwn the latest Microsoft Edge browser with all defenses up, as well a Linux installations in the cloud, all while not using a single software bug. The goal of this talk is to show that any sufficiently advanced attack is indistinguishable from magic.

About the speaker

Herbert Bos

Professor and Leader of the VUSec Systems Security Research Group at Vrije Universiteit Amsterdam

Herbert Bos is a professor of Systems and Network Security at Vrije Universiteit Amsterdam in the Netherlands. He obtained his Ph.D. from Cambridge University Computer Laboratory (UK). Coming from a systems background, he drifted into security a few years ago and never left. He is very proud of his (former) students, three of whom have won the Roger Needham Ph.D. Award for best Ph.D. thesis in systems in Europe.
Read more …