funsec mailing list archives
Re: Hackers Focusing on Web 2.0 Sites (plus Comment)
From: Jordan Wiens <numatrix () ufl edu>
Date: Thu, 12 Jul 2007 10:29:21 -0400
On Jul 12, 2007, at 7:00 AM, Dude VanWinkle wrote:
> Do you remember the Java applet port scanner that was posted to FD a while ago? If you visited the site, it would load the applet and scan cia.gov from your IP address? (kinda like this one: http://switch.sjsu.edu/v6n2/ztps/, but I don't remember having to click on "ok" to have the scan kick off..)
>
> Well, I am just waiting for some interactive content to allow folks to load a tiny SMTP server into visiting users' JVMs and use that to send out spam.. Could JS be used that way as well?

Not easily:

http://www.mozilla.org/projects/netlib/PortBanning.html
http://kb.mozillazine.org/Network.security.ports.banned.override

I imagine IE has similar restrictions. Flash or Java might have some options, but you have to get around their security as well:

http://java.sun.com/sfaq/example/port25.html

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.