Campus Event Calendar

Event Entry

What and Who

“Polyglots: Crossing origins by crossing formats”

Jonas Magazinius
Göteborg, Chalmers University of Technology
AG 1, AG 2, AG 3, AG 4, AG 5, SWS, RG1, MMCI  
Expert Audience

Date, Time and Location

Tuesday, 22 October 2013
60 Minutes
E1 5


“In a heterogeneous system like the web, information is exchanged between components in versatile formats. A new breed of attacks is on the rise that exploit the mismatch between the expected and provided content. This presentation focuses on the root cause of a large class of attacks: polyglots.

Polyglots allow multiple interpretations of formats, providing a new space of attack vectors based on “syntax injection” or “content smuggling”. Particularly dangerous formats are identified, with PDF as the prime example. A demonstration shows how polyglot attacks open up for insecure cross-origin communication.

In an evaluation of the top 100 Alexa web sites, five web sites were found to be vulnerable to polyglot attacks based on syntax injection. Further, two major enterprise cloud storage services were found to be susceptible to polyglot attacks based on content smuggling. Our recommendations for protective measures on the server side, in browsers, and in content interpreters (in particular, PDF readers) show how to mitigate polyglot attacks.”


Prof. Dr. Michael Backes
+49 681 302 3249

Bettina Balthasar, 10/18/2013 09:04
Bettina Balthasar, 10/15/2013 10:57 -- Created document.