RE: New article on SecurityFocus
- From: Jim Clausing <clausing@xxxxxxxx>
- Date: Fri, 6 Jan 2006 23:29:10 -0500 (EST)
www.knoppix-std.org had an iframe that loaded a WMF for a while last
Saturday (I believe, might have been Sunday). Does that count? It
certainly isn't a porn site.
--Jim
On or about Fri, 6 Jan 2006, Brady McClenon pontificated thusly:
> What about them? All may be possible, but my question remains. Have we
> seen this, or is it just theory? And, is the server hosting the forum
> truly infected/compromised? It's like saying a snake is infected with
> its own venom.
>
> Also, I dismiss any findings on porn sites. 90% of people that frequent
> porn sites would install the same compromise if it came with EULA they
> had to agree to before installation. You don't need to dupe porn fiends
> into doing anything, just making it stand between them and their porn is
> enough. Might seem harsh, but does anyone truly disagree? :)
>
> One last rant... I'm tired of hearing in the media that file indexers
> like Google desktop can cause a compromise through the WMF exploit. It
> only indexes what is ALREADY on your hard drive. How did it get there
> to begin with?!? Obviously the user interacted with it at some point in
> the past in order to put it there. The exploit would have occurred at
> that point, not when the file indexer finds it later!
>
>
>
> > -----Original Message-----
> > From: Socrates [mailto:socrates@xxxxxxxxxxx]
> > Sent: Friday, January 06, 2006 2:13 PM
> > To: Brady McClenon
> > Cc: Drew Simonis; Thor (Hammer of God); Erin Carroll;
> > pen-test@xxxxxxxxxxxxxxxxx; Larry Seltzer; focus-ms@xxxxxxxxxxxxxxxxx
> > Subject: Re: New article on SecurityFocus
> >
> > What about a trojaned avatar for your username in a forum?
> > How about a malicious iframe inclusion in HTML enabled forums?
> >
> > Brady McClenon wrote:
> > > Just curious. I hear media reports and people saying that there's
> > > hundreds or thousands of compromised web sites from this, but I have
> > > to ask where these numbers come from? Where is this data, or is it pure
> > > speculation? I'm also curious how one could compromise a web server
> > > with this exploit. Putting files on a web server to dole out and
> > > compromise other computers I can see, but is the web server really
> > > compromised in this case? If so, was it by way of the WMF exploit?
> > >
> > > One last question: Has anyone here experienced, or does anyone know
> > > anyone that has, a "legitimate" web server compromised (or serving out)
> > > by the WMF exploit? I'm trying to determine if there are those with
> > > actual knowledge that the sky is indeed falling, or if we are all
> > > shaking over unsubstantiated media hype.
> > >
> > >
> > >
> > >>-----Original Message-----
> > >>From: Drew Simonis [mailto:simonis@xxxxxxxxxx]
> > >>Sent: Friday, January 06, 2006 10:22 AM
> > >>To: Thor (Hammer of God); Erin Carroll; pen-test@xxxxxxxxxxxxxxxxx
> > >>Cc: Larry Seltzer; focus-ms@xxxxxxxxxxxxxxxxx
> > >>Subject: Re: New article on SecurityFocus
> > >>
> > >>
> > >>>Overall, I think the community's coverage of wmf has been delivered
> > >>>with an ounce of perception, and a pound of obscurity. It's almost
> > >>>as if people *want* it to be worse than it is. I'm not surprised,
> > >>>of course. But regardless, my call is that we'll see a little
> > >>>activity here and there, the patch will come out, most will install
> > >>>it (or have it installed automatically) and the whole issue will
> > >>>fade away. But that's all.
> > >>>
> > >>>We'll know for sure shortly, either way.
> > >>>
> > >>
> > >>Thor,
> > >>I think your path of thought is stuck a bit in the past.
> > >>Worms are neat as a technical exercise, but we see more and
> > >>more that the attackers are increasingly aware of the value
> > >>of these vulnerabilities from a financial perspective, not
> > >>merely for notoriety. As such, it benefits the attacker to
> > >>have a less subtle attack, one that does not sensationalize
> > >>the vulnerability. Complacency is their ally.
> > >>
> > >>That said, there are already numerous (hundreds+)
> > >>"legitimate" web sites that have been compromised and had
> > >>exploit images injected into their content. There are also
> > >>already hundreds of thousands of machines that have been
> > >>infected with Trojans or bots. These infected machines will
> > >>patch, but they won't be safe, and the problem gets worse.
> > >>
> > >>So no, there won't be some catastrophic worm event. But I
> > >>posit that what there will be could be much worse.
> > >>
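A defender-side check for the two forum vectors raised in the quoted reply (an avatar upload that is really a WMF, and an iframe injected into HTML-enabled forum posts), added here as an example and not code from any message in this thread; the magic-byte constants come from the PNG, GIF, JPEG and WMF format specifications, and the sample inputs are constructed.

```python
"""Added example: reject avatar uploads whose bytes are really a WMF, and
list <iframe> sources in user-supplied forum HTML for review. Not code
from this thread; magic bytes are from the image format specifications."""
from html.parser import HTMLParser
from typing import Optional

PNG = b"\x89PNG\r\n\x1a\n"
GIF = (b"GIF87a", b"GIF89a")
JPEG = b"\xff\xd8\xff"
WMF_PLACEABLE = b"\x9a\xc6\xcd\xd7"                        # Aldus placeable key
WMF_STANDARD = (b"\x01\x00\x09\x00", b"\x02\x00\x09\x00")  # mtType, mtHeaderSize=9

# Sniffed type -> extensions an uploader may legitimately declare for it.
ALLOWED = {"png": {"png"}, "gif": {"gif"}, "jpeg": {"jpg", "jpeg"}}


def sniff_image_type(data: bytes) -> Optional[str]:
    """Classify an upload by its leading bytes, never by the filename."""
    if data.startswith(PNG):
        return "png"
    if data.startswith(GIF):
        return "gif"
    if data.startswith(JPEG):
        return "jpeg"
    if data.startswith(WMF_PLACEABLE) or data.startswith(WMF_STANDARD):
        return "wmf"
    return None


def is_safe_avatar(data: bytes, declared_ext: str) -> bool:
    """Accept only a known raster format whose bytes match the declared
    extension; a WMF renamed to .gif fails both tests."""
    kind = sniff_image_type(data)
    return kind in ALLOWED and declared_ext.lower().lstrip(".") in ALLOWED[kind]


class _IframeFinder(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":                       # HTMLParser lowercases tags
            self.srcs.append(dict(attrs).get("src") or "")


def find_iframes(html: str) -> list:
    """Return every <iframe src> in a post; a forum that allows HTML should
    strip these before rendering rather than trust the poster."""
    finder = _IframeFinder()
    finder.feed(html)
    return finder.srcs
```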