Re: Dark side of bookmarks

["Memisyazici, Aras" <arasm () vt edu>]

MustLive:

I really don't want to start a flame-war nor am I trying to belittle you or your work but...

Your "article", unless I misunderstood, is useless. To explain further, your article lacks substance. For instance you 
state: "could be used in DoS attack for browsers" yet you provide no working PoC/example(s)

What about mitigation? What about prevention?

No offense but scare-tactics don't help ANYBODY... As a sysadmin, I would've appreciated some more details or at least 
some answers to my questions above! :)

In any case, thank you for putting together such an entry and look forward to your continued, hopefully improved 
research results!

Sincerely,
Aras 'Russ' Memisyazici
Systems Administrator
Virginia Tech

----------------------------------------------------------------------

Date: Sat, 31 Oct 2009 23:24:50 +0200
From: "MustLive" <mustlive () websecurity com ua>
Subject: [Full-disclosure] Dark side of bookmarks
To: <full-disclosure () lists grok org uk>
Hello participants of Full-Disclosure!

After my articles about different attacks via redirectors - Redirectors: the
phantom menace (http://websecurity.com.ua/3495/) and Attacks via closed
redirectors (http://websecurity.com.ua/3531/), here is my new article. This
time about attacks via bookmarks. In article Dark side of bookmarks
(http://websecurity.com.ua/3643/) I'll tell you about risks of bookmarks in
browsers.

There are possible next attacks via bookmarks:

1. Spam.
2. Phishing.
3. Malware spreading.
4. DoS attacks.

You can read the article Dark side of bookmarks at my site:
http://websecurity.com.ua/3643/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/