Top Security News

QuickTime Issues Still Plague Websites
Similar to the issue that allowed the MySpace worm to parade through the popular social networking site, another flaw in Apple's QuickTime can be exploited...

Data Thieves Drop In On Your Phone
Spyware geared toward stealing data from a mobile device has been spotted accompanying phone-infecting viruses; this early effort probably signals more sophisticated attacks are in the offing...

Keeping An 'eEye' On Zero-Day Exploits
Marc Maiffret's eEye security firm recently launched the Zero-Day Tracker, a website where the company will post and archive information on vulnerabilities hit by zero-day exploits...

BuddyProfile Sending AIM Users To Malware
A site that allows visitors to embed content in their AIM buddy profiles is being exploited by malware and adware distributors who create profiles laden with links to unwanted content...

David A. Utter
Thursday: 01.04.07

Firewall Fright Tops 2006 Hacks

Amid a year of worms, cracks, phishes, and other computer security nastiness, a method of port scanning intranets from the outside topped the list.

As someone who used to spend a bit of time working with a very good firewall that is now owned by a major computer security company, the first hit on WhiteHat Security CTO Jeremiah Grossman's list of top 10 hacks last year made me glad my work now involves writing about these threats instead of fighting them.

Grossman and T.C. Niedzialkowski gave a presentation at Black Hat 2006 in Las Vegas about using JavaScript as malware to hack intranet websites. It expanded on the work done by security researcher RSnake at the ha.ckers.org website to deliver a real head-turner of an attack.

Code examples crafted by Grossman and company for the demonstration do not use any web browser vulnerabilities, whether patched or unknown according to Grossman's presentation notes.

Low Rate eCommerce & Retail Plans

"The code uses clever and sophisticated JavaScript, Cascading Style-Sheet (CSS), and Java Applet programming," he wrote, "technology that is common to all popular web browsers."

Once a person inside a corporate firewall visits the wrong website or clicks the wrong link, the exploit goes to work searching for listening servers. Then the code makes an effort to access those servers with default logins that a careless administrator may have left in place on those devices.

Grossman noted that once the browser closes, little of the exploit code remains behind. This is why cross-site scripting problems are such a big deal, because one of them could lead to an exploit like the one Grossman described.

A workaround for the threat would mean turning off JavaScript, which would mean turning off the functionality of hundreds of websites. Even that would not be a guaranteed method of protection. You see, there's an HTML-only version of this exploit too.

Have a nice day.

About the Author:
David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.

About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.
 

SecurityProNews is brought to you by:

SecurityConfig.com NetworkingFiles.com
ITmanagementNews.com NetworkNewz.com
DatabaseProNews.com SQLProNews.com
ITcertificationNews.com SysAdminNews.com
LinuxProNews.com WirelessProNews.com
 
 

Advertising Newsletters Corporate Info Site Map Support
© 2007  SecurityProNews. An email newsletter.
, Inc. 2549 Richmond Rd. Lexington KY, 40509
All Rights Reserved. Terms under which this service is provided to you. Read our privacy policy. Contact us.		 SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.

">Unsubscribe from SecurityProNews.
To unsubscribe from SecurityProNews or any other iEntry publication, simply send an email request to: support@ientry.com
SecurityProNews About Us News Archives Feedback