lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070219175436.BE68FDA82B@mailserver7.hushmail.com>
Date: Mon, 19 Feb 2007 12:54:36 -0500
From: <auto400208@...hmail.com>
To: <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Drive-by Pharming Threat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am curious as to how one "automatically" logs on?

1. Internet Explorer disallows username:pass@http://192.168.1.0
2. Opera has a very clear warning that you are logging on
3. Firefox has a very clear warning that you are logging on

Are there any other methods to log on without any warning? If so
does it work with Internet Explorer?  Also when you do reset or
change parameters in the router, does it not require a reboot of
the router (auto after you hit save), whereby your connection is
lost for x amount of time?

1. Unless there are methods to log on without any warning you will
be informed of this, and

2. After you are informed you will lose your connection for a short
period with a notification of same.

Not exactly clear to me where this drive-by aspect comes into play.

Also not to mention find a method to cross domains into the routers
html, for each and every router out there.

- --
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkXZ5GEACgkQ8swcuoVgWHA9/wP6AkhU8AvZfanE09WC2p0PPvlhBR49
AuVwNN4/QcgutQkG5UEWlfTki7NKIcNsEm2Hximktd4vo3AaH7+4ToRZ60UnAiYI0rM1
IUQj5+ts9eSiWMbSLUFyH9iPLlQEu2V8ADGi+2nGpfmEYh8/FtW98W5zHdM68JQCDXuM
D0lwqao=
=IapJ
-----END PGP SIGNATURE-----



--
Click for free info on human resource careers and make $150K/ year
http://tagline.hushmail.com/fc/CAaCXv1I7UeCkIloqJbXWpQfvPyDA0JL/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ