lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20061127100236.GN48981@DAPCVA.da>
Date: Mon, 27 Nov 2006 11:02:36 +0100
From: Vincent Archer <varcher@...yall.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Anonymizing RFI Attacks Through Google

On Sat, Nov 25, 2006 at 01:01:54AM -0500, Dude VanWinkle wrote:
> On 11/25/06, endrazine <endrazine@...il.com> wrote:
> > this process of attack is a mere waste of time if one only reaches
> > anonymity : in order to
> > give google this new url to crawl, you'd have to either create a web
> > page that points to this
> > very page, or enter the url in the google database directly using their
> > form. None of those two
> > options are safer than attacking the website directly (google might vey
> > well log your actions),
> > so  what's the point ?
> 
> a lot of people are used to seeing google spider tracks in their logs.
> anonymizing your attack via google may make the admin investigating
> the attack think that a malfunctioning web bot was responsible for the
> attack, or they may skim over the entire incident accidentally.

Even if you are aware of an attack, the Google bot will not tell you
where the attacking URL comes from. So, if you're investigating the
hack, you have no data; you need to get Google to cooperate with you,
so they can find where the URL came from, and then investigate from
there.

That adds Google as an additional cut-out and delays any investigation.

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ