funsec mailing list archives
Re: U.S.-Based Chinese Dissident Website DDoS'd Again - And Joe-Jobbed?
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 8 Jan 2008 09:33:20 -0500
From the link:
[Update] As a couple of comments have suggested, "just because you don't see a lock on the page that collects the information, doesn't mean that it doesn't post through an https connection." This may be correct. Here is the code of the form. It does, in fact, appear to invoke an API that rests on a secure server, but with my limited JavaScript skills, I cannot be certain that the form data is being encrypted. If someone with a little more expertise would be willing to chime in, I'd much appreciate it. If I turn out to be wrong, my humblest apologies for much ado about nothing. Though I suppose it would be nice if the form offered some sort of visible assurance of security. [Update 2] See Dustin's comment. By his account, the form submission appears to be secure. Sorry for the false alarm, but again, when it comes to insuring the security of your personal information, one should be ever-vigilant. My thanks to the Digg and Reddit communities for their sleuthing. [Update 3] I am a moron and a douche bag who likes to shoot his mouth off about technology I don't understand :-) -JP On Jan 8, 2008 1:52 AM, Paul Ferguson <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via UPI. [snip] A U.S.-based Web site that hosts Chinese dissidents' blogs is being hacked again, days after an attack took it offline and nearly destroyed its archives. The Web site, Boxun.com, which hosts some 2000 blogs, was the target of a "very strong" distributed denial of service, or DDOS, attack last week, its editor, Watson Meng, told United Press International. He added that hackers probing the Web sites of several U.S. government agencies had "spoofed" or forged their Internet addresses to make it seem as if the probes came from his site. "Our service provider received complaints from a number of government agencies," he said. [snip] More: http://www.upi.com/International_Security/Emerging_Threats/Briefing/2008/01 /07/chinese_dissident_site_hacked_again/3849/ Previously: http://www.darkreading.com/document.asp?doc_id=142072 - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHgx2Tq1pz9mNUZTMRAvgvAKDrMpGzmGDEolcpHbgGYJG845WwRACfdM23 bDmuwmNjLIrKQ6HZXKffQpA= =ohog -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- U.S.-Based Chinese Dissident Website DDoS'd Again - And Joe-Jobbed? Paul Ferguson (Jan 08)
- Re: U.S.-Based Chinese Dissident Website DDoS'd Again - And Joe-Jobbed? Dude VanWinkle (Jan 08)
- Re: U.S.-Based Chinese Dissident Website DDoS'd Again - And Joe-Jobbed? Dude VanWinkle (Jan 08)
- Re: U.S.-Based Chinese Dissident Website DDoS'd Again - And Joe-Jobbed? Dude VanWinkle (Jan 08)