Core Security Expert to Detail Critical IE Browser Security Issues at Black Hat DC 2010 Conference


Leading Penetration Testing Specialist to Demonstrate Methods That Could Allow

Cybercriminals to Steal Data from Unprotected PCs

WASHINGTON, D.C. – Dec. 27, 2010 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that one of its industry leading Core Security Consulting Services (SCS) experts will serve as a featured presenter at the Black Hat DC 2010 conference being held at the Hyatt Regency Crystal City Jan. 31 – Feb. 3.

At the conference, Core SCS Security Consultant Jorge Luis Alvarez Medina will demonstrate cutting-edge browser manipulation techniques that can allow for remote exploitation of devices running Microsoft’s ubiquitous Internet Explorer web browser in his talk: “Internet Explorer Turns Your Personal Computer into a Public File Server.”

Alvarez Medina will specifically highlight how an attacker may be able to gain access to every file on a Windows PC file system running Internet Explorer using the methods discovered during his research. The involved attack leverages not a traditional software security vulnerability, but instead legitimate design features of IE that may be considered minor points of risk on their own, but can be combined to carry out dangerous attacks.

The expert, whose responsibilities include performing penetration tests for some of the world’s largest organizations, will also disclose and demonstrate proof-of-concept code developed for the scenarios being proposed. Core Security is working closely with Microsoft to ensure that the vendors’ millions of customers remain protected from potential threats targeting the reported issues.

“This is an interesting form of exploitation specifically in that it does not utilize traditional security flaws to run its course but instead targets legitimate features purposely built into IE for many years,” said Alvarez Medina. “Microsoft has attempted to address these types of problems in IE in the past but their response has not prevented someone from targeting these sorts of issues to gain access to data that resides on machines running their browser.”

What: “Internet Explorer Turns Your Personal Computer into a Public File Server

When: Wednesday, Feb. 3, 2010; 3:15-4:30p.m. ET

Where: Black Hat DC 2010, Hyatt Regency Crystal City

Who: Jorge Luis Alvarez Medina, Core SCS Security Consultant

With the recent disclosure of the IE zero day vulnerability that was used to carry out targeted attacks against some of the world’s largest technology companies, interest in browser flaws – particularly those affecting IE – has arguably never been greater. Please join us for this extremely timely, informative presentation.

Core Security continues to feed the intelligence garnered via the work of its SCS consultants and CoreLabs research experts directly into its CORE IMPACT family of automated penetration testing solutions to ensure that organizations can proactively determine their exposure to such widely available vulnerabilities.

For more information about the presentation or to schedule meetings with Core Security’s experts at Black Hat DC 2010, please contact Tim Whitman or Lauren O’Leary at 781-684-0770 or via email at:  

About Core Security Technologies

Core Security Technologies is the leader in comprehensive penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at


Tim Whitman or Lauren O’Leary

Schwartz Communications 

781 684-0770

Wed, January 27