lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 3 Jul 2010 15:14:42 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: Sйbastien Duquette <ekse.0x@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Redirectors: the phantom menace

Hello Sebastien!

I'm glad that you liked the title of my article :-). For the title of the
letter I used the title of my article, which I posted in September 2009 to
the list (as I referenced in last letter). If you read at least some of my
articles from 2009-2010, particularly from those which I wrote about to FD
mailing list from September 2009 (when I became posting to the list), I like
sometimes to use interesting titles for my articles.

With such special titles I'm drawing people's attention to the problem. In
case of this particular article, I'm telling that danger of redirectors are
underestimating and they can be used for many different attacks, not only
redirecting to other sites (i.e. redirectors represent the phantom menace
for Internet community). Only recently WASC begun drawing attention to this
kind of security issues in their TC v2 (released at 01.01.2010), where they
added such class of vulnerability as URL Redirector Abuse.

> It took me until half the post to realize this wasn't posted by
> MusntLive but by the original MustLive.

Different people use different styles for writing texts, so it's easy to
distinguish my texts from text of others (including those who try to spoof
on my letters). I'm not subscribed on the list, so I didn't know about such
man as musnt live. But recently I received the letter from him, so I've
become familiar with his kind of letters :-) (which are very not serious).
So I've added his email to my blacklist and if he embarrassed you, then you
can do the same (and just ban him). In this case ban both his and the second
address, which I mentioned
(http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075412.html).
Because these are both his addresses, as I found very quickly, from which
(under different names) he was trying to spam me and to the list.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: "Sйbastien Duquette" <ekse.0x@...il.com>
To: "MustLive" <mustlive@...security.com.ua>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Monday, June 28, 2010 12:53 AM
Subject: Re: [Full-disclosure] Redirectors: the phantom menace


> It took me until half the post to realize this wasn't posted by
> MusntLive but by the original MustLive. With a title like that, I
> assumed it was some kind of mockery. Sometimes reality is stranger
> than fiction...
>
> On Sun, Jun 27, 2010 at 4:45 PM, MustLive <mustlive@...security.com.ua>
> wrote:
>> Hello participants of Full-Disclosure!
>>
>> Additional information for those who read my article (and who still
>> didn't
>> they can do it) Redirectors: the phantom menace
>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>>
>> In addition to previous 12 attacks via open redirectors this year I added
>> three new attacks (and soon would add more).
>>
>> To before-mentioned attacks the redirectors also can be used:
>>
>> - For conducting of XSS attacks via PDF files, which I wrote about in
>> post
>> regarding Script Injection in Adobe Acrobat
>> (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html).
>>
>> - For conducting of DoS attacks on browsers via redirection to mailto:
>> URL,
>> which I wrote about in post DoS in Firefox, Internet Explorer, Chrome,
>> Opera
>> and other browsers (http://websecurity.com.ua/4206/). This concerns both
>> open redirectors and closed redirectors
>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>>
>> - For bypassing of restrictions on URL at HTML Injection attacks,
>> particularly Link Injection. As in case of vulnerability at
>> news.yahoo.com
>> (http://websecurity.com.ua/3723/). In contrast to bypass of protection
>> filters at using of closed redirectors (attack #10), in this case not
>> external redirector is using, but internal one (at this site, or at the
>> site
>> from allowed list).
>>
>> Best wishes & regards,
>> MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists