Message-Id: <20070220001939.7A611DA84A@mailserver8.hushmail.com>
Date: Mon, 19 Feb 2007 19:19:37 -0500
From: <auto400208@...hmail.com>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
	<martin.johns@...il.com>
Subject: Re: Drive-by Pharming Threat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks.

I'm sure there are many ways to achieve each step separately (see
my reply to Andrew), but to build each and every thing into a
functional "drive by" attack seems far-fetched. Your details below
add even more hurdles IMO. You'll be building a monster
all-encompassing browser, version, plus router mega exploit. Unless
the first two I mention to Andrew can be overcome easily. This is
all very far from a "drive by" vuln.

On Mon, 19 Feb 2007 16:23:29 -0500 Martin Johns
<martin.johns@...il.com> wrote:
>On 2/19/07, auto400208@...hmail.com < auto400208@...hmail.com>
>wrote:
>> I am curious as to how one "automatically" logs on?
>
>There are several potential methods (depending on the victim's
>browser):
>1) Older versions of Flash allow the spoofing of arbitrary http
>headers [1] thus allowing the creation of attacker controlled
>Authorization-headers.
>2) Firefox does not display http-authentication warnings if the
>http request was generated by the browser's link-prefetch
>mechanism [2].
>3) An anti-DNS-pinning attack [3] can be executed to break the
>same-origin policy. Then the low-level socket functions of either
>Flash (all browsers) [4] or Java (Firefox and Opera) [5] could be
>employed to create arbitrary http requests.
>
>[1] http://www.securityfocus.com/archive/1/441014/30/0/threaded
>[2] http://blog.php-security.org/archives/56-Bruteforcing-HTTP-Auth-in-Firefox-with-JavaScript.html
>[3] http://shampoo.antville.org/stories/1451301/
>[4] http://www.jumperz.net/index.php?i=2&a=1&b=8
>[5] http://shampoo.antville.org/stories/1566124/
>
>--
>Martin Johns
>http://shampoo.antville.org
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

-----END PGP SIGNATURE-----


