Open Source and information security mailing list archives
 
Message-ID: <28bb57460702191323h47529665h5425b9917c1dd108@mail.gmail.com>
Date: Mon, 19 Feb 2007 22:23:29 +0100
From: "Martin Johns" <martin.johns@...il.com>
To: "auto400208@...hmail.com" <auto400208@...hmail.com>,
	bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Drive-by Pharming Threat

On 2/19/07, auto400208@...hmail.com <auto400208@...hmail.com> wrote:
> I am curious as to how one "automatically" logs on?

There are several potential methods (depending on the victim's browser):
1) Older versions of Flash allow the spoofing of arbitrary http
headers [1], thus allowing the creation of attacker-controlled
Authorization headers.
2) Firefox does not display http-authentication warnings if the http
request was generated by the browser's link-prefetch mechanism [2].
3) An anti-DNS-pinning attack [3] can be executed to break the
same-origin policy. Then the low-level socket functions of either
Flash (all browsers) [4] or Java (Firefox and Opera) [5] could be
employed to create arbitrary http requests.

[1] http://www.securityfocus.com/archive/1/441014/30/0/threaded
[2] http://blog.php-security.org/archives/56-Bruteforcing-HTTP-Auth-in-Firefox-with-JavaScript.html
[3] http://shampoo.antville.org/stories/1451301/
[4] http://www.jumperz.net/index.php?i=2&a=1&b=8
[5] http://shampoo.antville.org/stories/1566124/

-- 
Martin Johns
http://shampoo.antville.org
