f13.net

f13.net General Forums => General Discussion => Topic started by: Ookii on August 02, 2007, 04:03:01 PM



Title: New Exploit FTW: The Internet Pwns j00
Post by: Ookii on August 02, 2007, 04:03:01 PM
So basically this guy named Dan Kaminsky figured out how to turn your browser into a 'vpn concentrator', from the article:

Quote
The technique originates in the browser security model, based on same-origin policy. This allows a web browser, either using JavaScript or Flash, to connect back to the same host that the content came from. If the attacker changes where the hostname is pointing to, the browser can connect there. For example, the next time you connect to attacker.com, the DNS server actually serves you a 192.168.1.1 address, allowing the webapp to connect to your internal IP.

The POC at http://www.jumperz.net/index.php?i=2&a=1&b=7 worked on my corporate network too, and apparently there is nothing you can do to stop it at the moment.

The Original Article: http://radar.oreilly.com/archives/2007/08/your_web_browse.html
More Whitepaperish: http://www.megginson.com/blogs/quoderat/2007/08/01/protecting-web-sites-and-services-from-dns-rebinding-attacks/

So basically right now if someone knows where something is in an internal network, and can get you to visit their website, you're pwned.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Ironwood on August 03, 2007, 01:01:57 AM
Scaring the fishes.

 :-o


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Oban on August 03, 2007, 01:42:11 AM
I sent this to my web devs and have yet to hear from them... never a good sign.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Sky on August 03, 2007, 06:24:54 AM
Cool link, thanks. I sent it to the librarians who are messing themselves trying to figure out how to make everything web 2.0.

Fucking buzzword douchebags. I prefer Shut The Fuck Up 1.9.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Roac on August 03, 2007, 06:32:15 AM
Quote
I sent this to my web devs and have yet to hear from them... never a good sign.

Please wait for 15 seconds.
f1()
ERROR: Access is denied.
ERROR: http://jumperz.net/exploits/dnsp3.jsp?address=127.0.0.1
ERROR: 50


Can't get it to work. Well, won't work for us at all anyway because all our websites require a host header, which the PoC won't accept. I tried setting up a default page on the default website for it to hit, but it can't see that either. Then tried setting up a default on localhost, and it's not getting even that. Firefox was more interesting, but still didn't work:


ERROR: uncaught exception: Security Error: Content at http://jumperz.net/exploits/dnsp3.jsp?address=127.0.0.1 may not load data from http://www.jumperz.net/index.php.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Trippy on August 03, 2007, 06:36:28 AM
This isn't a "Web 2.0" specific thing.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Sky on August 03, 2007, 07:09:03 AM
Quote
This isn't a "Web 2.0" specific thing.

I know but he does mention the vulnerability and his trepidation of the security of Web 2.0. If he's worried, I'm worried :)


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: bhodi on August 03, 2007, 08:08:35 AM
that is slick.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Trippy on August 03, 2007, 04:52:08 PM
BTW this security flaw is much more worrisome:

http://www.tgdaily.com/content/view/33207/108/


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: bhodi on August 04, 2007, 08:31:03 AM
That's not a new flaw, it's a one-click tool that someone put together to exploit it. If you've got unencrypted traffic going over the air, you should expect to get your cookies stolen.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Oban on August 04, 2007, 08:41:59 AM
Quote
BTW this security flaw is much more worrisome:

http://www.tgdaily.com/content/view/33207/108/


Why in god's name would you use webmail without a secure connection?

Download better gmail if you use firefox.



Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Trippy on August 04, 2007, 02:09:44 PM
Quote
That's not a new flaw, it's a one-click tool that someone put together to exploit it. If you've got unencrypted traffic going over the air, you should expect to get your cookies stolen.

I didn't say that was a new flaw.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Sky on August 06, 2007, 06:13:44 AM
Quote
If you've got unencrypted traffic going over the air, you should expect to get your cookies stolen.

I'm trying to get my father to understand this. I think my next bit of advice for him is to sell his computer. He's somehow broken every firewall known to man and doesn't use them anymore because they 'break his computer'. He also claims to have spent hours on the phone with every incident. Poor customer service, I never know what the hell he's talking about and I share half his DNA.

If I were a hacker, I'd move to Florida. Lots of retirement accounts and dipshit old people accessing them through wireless connections in the park.


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Furiously on August 06, 2007, 08:45:22 PM
I suppose. But isn't it like taking candy from a baby?


Title: Re: New Exploit FTW: The Internet Pwns j00
Post by: Sky on August 07, 2007, 06:21:30 AM
Candy is tasty.