26C3: Network design weaknesses
To demonstrate, "fabs" chose the Pidgin instant messaging software, where emoticons in MSN Chat are apparently known to be particularly vulnerable to attacks. According to the security expert, the software's "shoddy" protocol replaces character strings and word strings with images, allowing a more or less unrestricted variety of symbols to be displayed. The protocol's flawed encoding of a text in binary enabled Yamaguchi to download an executable program and eventually gave the researcher a first foothold in the network.
The link for this article located at H Security is no longer available.