Recently I've been testing some methods or semi-methods of securing web
applications against
XSRF/CSRF attacks (crypto tokens, POST instead of GET, Referer header
validation, etc.).
Generally these techniques work (more or less) but there is a major flaw in
such thinking:
we start to trust the
The tools are people who write their press releases for them... hehehe
A must read if you like to pick apart the 'spin doctors'.
http://www.appliedwatch.com/pr/20070131-1.pdf
--
Reece Mills, GSEC
Making the best of IT
___
Full-Disclosure - We
= Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities
=
= Vendor Website:
= http://www.lizardtech.com/
=
= Affected Version:
= Windows DjVu Browser Plug-in 6.1.1
=
= Public disclosure on February 15th 2007
On Tue, 13 Feb 2007, Gadi Evron wrote:
We all agree it is not a very likely possibility, but I wouldn't rule it
out completely just yet until more information from Sun becomes
available.
What more information do you need? You have an advisory, access to the
source code, access to the change
There was also a really entertaining presentation from Patrick Petersen of
IronPort at RSA, in which he mentioned use of defaced web sites as proxy
forwarders for spammers. According to the presentation, the spammers have a
fairly sophisticated toolkit that takes over the site and turns it into a
On Thu, 15 Feb 2007, Damien Miller wrote:
On Tue, 13 Feb 2007, Gadi Evron wrote:
We all agree it is not a very likely possibility, but I wouldn't rule it
out completely just yet until more information from Sun becomes
available.
What more information do you need? You have an advisory,
In some mail from Joe Shamblin, sie said:
How about just uncommenting the following from /etc/default/login
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console
Not a fix to be sure, but at least prevents a
Hello,
We would like to inform you about a vulnerability in Comodo Firewall Pro.
Description:
Comodo Firewall Pro (former Comodo Personal Firewall) implements a component
control, which is based on a checksum
comparison of process modules. Probably to achieve better performance, cyclic
This is the idea of OpenPacket, as far as I'm aware. It's still only
in the Alpha stage though.
OpenPacket.org is a Web site whose mission is to provide a centralized
repository of network traffic traces for researchers, analysts, and
other members of the
digital security community.
Dear Michal Zalewski,
Mitigating factor: it doesn't work through a proxy, because for a proxy the URI
is sent instead of the URL and the request will be incomplete.
GET http://evil.com
--Thursday, February 15, 2007, 1:23:01 AM, you wrote to [EMAIL PROTECTED]:
MZ 'evil.com\x00foo.example.com' to be a part
On Thu, 15 Feb 2007, 3APA3A wrote:
Mitigating factor: it doesn't work through a proxy, because for a proxy the URI
is sent instead of the URL and the request will be incomplete.
Yup. Depends on the proxy, actually ('GET http://evil.com' might get
parsed as HTTP/0.9) - but Squid, both in direct and in reverse
Hello there Baey, I agree with you: there is no magic solution against
XSS/CSRF attacks. It is indeed scary that the trusted/unique token can
be stolen with a simple AJAX request provided an XSS hole is found.
In summary, I think we have three realistic solutions for XSS/CSRF
attacks that should
that site is not opening from my side:(
On 2/15/07, Joe Hancock [EMAIL PROTECTED] wrote:
This is the idea of OpenPacket, as far as I'm aware. It's still only
in the Alpha stage though.
OpenPacket.org is a Web site whose mission is to provide a centralized
repository of network traffic traces
On Thu, 15 Feb 2007, pdp (architect) wrote:
I wonder whether we can execute code on about:config or about:cache.
Actually, there are several odd problems related to location updates and
location.hostname specifically, including one scenario that apparently
makes the script run with
On 2/15/07, pagvac [EMAIL PROTECTED] wrote:
3. Protect interesting/dangerous requests by asking the user for
something only he/she knows (i.e.: password)
Careful with that. What about JS keyloggers?
Regards,
Brian
Everyone,
I'm posting this on behalf of Zulfikar Ramzan who isn't subscribed to
this list.
We discovered a new potential threat that we term Drive-by Pharming.
An attacker can create a web page containing a simple piece of malicious
JavaScript code. When the page is viewed, the code makes a
On 2/15/07, Michal Zalewski [EMAIL PROTECTED] wrote:
Actually, there are several odd problems related to location updates and
location.hostname specifically, including one scenario that apparently
makes the script run with document.location in about: namespace.
I did not research them any
the first one runs in about:blank which is restricted. the second one
is very interesting but still not very useful because it acts like
about:blank. hmmm it seems that the hostname field has been seriously
overlooked.
On 2/15/07, Michal Zalewski [EMAIL PROTECTED] wrote:
On Thu, 15 Feb 2007, pdp
weird, firefox slowly dies out
t2.html
<html>
<body>
<iframe src="t1.html"></iframe>
</body>
</html>
t1.html
<html>
<body>
<script>location.hostname="blog.com";</script>
</body>
</html>
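The property behind the 'evil.com\x00foo.example.com' hostname in the Zalewski/3APA3A exchange above, and the reason the proxy case ('GET http://evil.com' with the rest cut off) behaves differently, is that a NUL-terminated consumer of the string sees one host while a length-aware consumer sees another. This added example (not code from any message in the thread) makes the two views explicit and adds the check that removes the disagreement. Function names are this example's own; it handles plain DNS hostnames only, not bracketed IPv6 literals or IDN.

```javascript
'use strict';
// Added example, not code from the thread. cStringView() is what a C-string
// consumer (strcpy/strcmp, a connect helper, a proxy request line) sees of
// the hostname; suffixMatches() is what a length-aware same-site test sees;
// validateHostname() is the check that rejects the value outright.
// All function names here are this example's own.

// One DNS label: letters, digits, hyphens, no leading/trailing hyphen, <= 63.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

// Strict hostname check (DNS names only). Returns { ok, reason } so the
// caller can log why a value was refused.
function validateHostname(host) {
  if (typeof host !== 'string' || host.length === 0 || host.length > 253) {
    return { ok: false, reason: 'empty or too long' };
  }
  for (let i = 0; i < host.length; i++) {
    const c = host.charCodeAt(i);
    // Control characters, NUL included, are never legal in a hostname.
    if (c < 0x20 || c === 0x7f) {
      const hex = c.toString(16).padStart(2, '0');
      return { ok: false, reason: `control character 0x${hex} at offset ${i}` };
    }
  }
  for (const label of host.split('.')) {
    if (!LABEL.test(label)) return { ok: false, reason: `bad label "${label}"` };
  }
  return { ok: true, reason: '' };
}

// What a NUL-terminated consumer sees: everything before the first NUL.
function cStringView(host) {
  const nul = host.indexOf('\0');
  return nul === -1 ? host : host.slice(0, nul);
}

// What a length-aware same-site check sees when it tests the domain suffix.
function suffixMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Second opinion from the WHATWG URL parser built into Node: U+0000 is a
// forbidden host code point, so the constructor throws instead of parsing.
function whatwgAccepts(host) {
  try { new URL(`http://${host}/`); return true; } catch (e) { return false; }
}

// Constructed input: the hostname from the thread, with a literal NUL.
function demo() {
  const raw = 'evil.com\u0000foo.example.com';
  return {
    cSees: cStringView(raw),                          // 'evil.com'
    siteCheckSees: suffixMatches(raw, 'example.com'), // true: the two disagree
    validated: validateHostname(raw),                 // ok: false
    parserAccepts: whatwgAccepts(raw),                // false
    clean: validateHostname('foo.example.com'),       // ok: true
  };
}

module.exports = { validateHostname, cStringView, suffixMatches, whatwgAccepts, demo };
```

The interesting line in `demo()` is the pair `cSees`/`siteCheckSees`: the same string connects to evil.com and passes an example.com suffix test. Any code that sets or compares hostnames should run `validateHostname()` (or an equivalent strict parser) first, so that both consumers are handed a value they agree on.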
On 2/15/07, pdp (architect) [EMAIL PROTECTED] wrote:
the first one runs