Firewall Wizards mailing list archives
Re: Active-content filtering (was RE: Buffer Overruns)
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Tue, 28 Dec 1999 10:12:32 -0800
They simply have no idea whatsoever that these scripting languages put their customers' clients at risk. It doesn't even register. The New York Times site is the worst. Not only does it require cookies, but if you want to complain about THAT practice, their form letter is Javascript driven.
That's easy to fix. Just get the HFG guys to deface the website again, only this time leave it looking normal and insert some evil Javascript that all the old browers are vulnerable to. That's only partially a joke. I'm waiting for a defacement that does exactly that. This solves the problem of how do you put up evil web content without it being traceable back to you (other than for demonstrations purposes, of course.) Ryan
Current thread:
- Re: Active-content filtering (was RE: Buffer Overruns), (continued)
- Re: Active-content filtering (was RE: Buffer Overruns) David Lang (Dec 23)
- Re: Active-content filtering (was RE: Buffer Overruns) Hazel A. Borg (Dec 24)
- Re: Active-content filtering (was RE: Buffer Overruns) Crispin Cowan (Dec 26)
- Re: Active-content filtering (was RE: Buffer Overruns) Joseph S D Yao (Dec 28)
- Re: Active-content filtering (was RE: Buffer Overruns) Neil Ratzlaff (Dec 22)
- RE: Active-content filtering (was RE: Buffer Overruns) fernando_montenegro (Dec 26)
- Re: Active-content filtering (was RE: Buffer Overruns) Crispin Cowan (Dec 26)
- Re: Active-content filtering (was RE: Buffer Overruns) Jody C. Patilla (Dec 28)
- Re: Active-content filtering (was RE: Buffer Overruns) Dorian Moore (Dec 30)
- Re: Active-content filtering (was RE: Buffer Overruns) Crispin Cowan (Dec 30)
- Re: Active-content filtering (was RE: Buffer Overruns) Crispin Cowan (Dec 26)