Note from Black Hat on ARP Spoofing Malware

During my classes I mentioned seeing a post on malware that performs ARP spoofing to inject malicious IFRAMEs on Web pages returned to anyone browsing the Web on the same segment. I found it -- ARP Cache Poisoning Incident by Neil Carpenter.

Thanks to Earl Crane for taking the picture of a few ex-Foundstoners who met after the talk by Keith Jones and Rohyt Belani.