Message-Id: <20070220001939.7A611DA84A@mailserver8.hushmail.com>
Date: Mon, 19 Feb 2007 19:19:37 -0500
From: <auto400208@...hmail.com>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
<martin.johns@...il.com>
Subject: Re: Drive-by Pharming Threat
Thanks.
I'm sure there are many ways to achieve each step separately (see
my reply to Andrew), but to build each and every one of them into a
functional "drive by" attack seems far-fetched. Your details below
add even more hurdles IMO. You'll be building a monster
all-encompassing browser, version, plus router mega exploit, unless
the first two I mention to Andrew can be overcome easily. This is
all very far from a "drive by" vuln.
On Mon, 19 Feb 2007 16:23:29 -0500 Martin Johns
<martin.johns@...il.com> wrote:
>On 2/19/07, auto400208@...hmail.com <auto400208@...hmail.com> wrote:
>> I am curious as to how one "automatically" logs on?
>
>There are several potential methods (depending on the victim's
>browser):
>1) Older versions of Flash allow the spoofing of arbitrary http
>headers [1] thus allowing the creation of attacker controlled
>Authorization-headers.
>2) Firefox does not display http-authentication warnings if the http
>request was generated by the browser's link-prefetch mechanism [2].
>3) An anti-DNS-pinning attack [3] can be executed to break the
>same-origin policy. Then the low-level socket functions of either
>Flash (all browsers) [4] or Java (Firefox and Opera) [5] could be
>employed to create arbitrary http requests.
>
>[1] http://www.securityfocus.com/archive/1/441014/30/0/threaded
>[2] http://blog.php-security.org/archives/56-Bruteforcing-HTTP-Auth-in-Firefox-with-JavaScript.html
>[3] http://shampoo.antville.org/stories/1451301/
>[4] http://www.jumperz.net/index.php?i=2&a=1&b=8
>[5] http://shampoo.antville.org/stories/1566124/
>
>--
>Martin Johns
>http://shampoo.antville.org