Firewall Wizards mailing list archives

Re: Web Site Hacks

From: "-= ArkanoiD =-" <ark () mpak convey ru>
Date: Wed, 3 Dec 97 23:45:30 +0300

nuqneH,

Date: Tue, 2 Dec 1997 21:10:19 GMT
From: Edward Cracknell <edward () securIT net>
To: "Firewall Wizards (Marcus J. Ranum's new moderated mail list)" <firewall-wizards () nfr net>
Subject: Web Site Hacks
Web Site Hacks:


[dd]

Philip raised a great thread in a direct mail to me, the essence of it
was how web sites could be compromised. As a Java dunce, I'd love some
input from you guys. Here's how I see it:


[dd]

I know I've missed all the ActiveX and Java. Can we thrash these
vulnerabilities out here?


Hmm, Java/ActiveX are browser-side things too, so they can be used (directly)
to hack browsers only, not web sites (although there could be some indirect
compromises ;)

Or do i miss something?

--- 
                                       _     _  _  _  _      _  _
   Must be a visit from the dead..     _| o |_ | | _|| |   / _||_|   |_ |_ |_
   CU in Hell ..........  Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|

Current thread:

Web Site Hacks Edward Cracknell (Dec 03)
- Re: Web Site Hacks -= ArkanoiD =- (Dec 03)
- Re: Web Site Hacks -= ArkanoiD =- (Dec 03)
- Re: Web Site Hacks Daniel Garcia (Dec 03)
  - Re: Web Site Hacks Nick Drage (Dec 04)
- Re: Web Site Hacks Michael Kyle (Dec 04)
- <Possible follow-ups>
- RE: Web Site Hacks Denis Gordon (Dec 03)
  - Re[2]: Web Site Hacks Edward Cracknell (Dec 04)
- Re: Web Site Hacks Bruce B. Platt (Dec 04)
  - Re[2]: Web Site Hacks Edward Cracknell (Dec 05)
- Re: Web Site Hacks Steve Gibbons (Dec 05)
- Re: Web Site Hacks Steven Bellovin (Dec 05)

(Thread continues...)