Workflow TV - XAML and Activity Assembly Spoofing

Posted: Jun 22, 2011 at 12:00 AM
By: Ron Jacobs
Avg Rating: 0
3,810 Views
reddit

Tweet

13 minutes, 9 seconds

format
< > embed
+ queue

Sign In first to access your queue.
Close

Sorry, video was not added to the queue, an error occurred. Please Contact Us and let us know.
Close

Embed code for this video

Copy the code above to embed our video on your website/blog.

Video format

Option selected may change based on video formats available and browser capability.

Auto
Use our suggested format for this video.
Smooth Streaming
Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth. Silverlight 5 required
Progressive
Traditional buffered video format. Silverlight 5 required
HTML5
For browsers that support H.264 MP4 or WebM video playback such as:
IE9+, Firefox 4+, Chrome 5+, or Safari 4+.
Flash
For browsers that have the Adobe Flash Player plugin installed.

Download

Right click “Save as…”

High Quality WMV (PC, Xbox, MCE)

File size
51.8 MB
MP3 (Audio only)

File size
6.0 MB
Mid Quality WMV (Lo-band, Mobile)

File size
41.8 MB
High Quality MP4 (iPad, PC)

File size
225.9 MB
MP4 (iPod, Zune HD)

File size
33.1 MB

What happens to a Workflow if an attacker can lure the workflow host into running XAML which references an assembly replaced by the attacker? This is what I call an Activity Assembly Spoofing attack. On this episode I'll show you how it can happen, what you need to know about the security model and what you can do to prevent it.

Links

Ron Jacobs
http://blogs.msdn.com/rjacobs
Twitter: @ronljacobs http://twitter.com/ronljacobs

Follow the Discussion

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following these comments

Start following these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this comments

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.