Full Disclosure mailing list archives
Re: Apple IOS security issue pre-advisory record
From: Dave <mrx () propergander org uk>
Date: Sat, 24 Mar 2012 00:52:45 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/03/2012 23:26, Michal Zalewski wrote:
I find it very unfortunate that 300 supposed security professionals clicked on a hidden link like that without first checking what it was, or if not simply ignoring it like I did!!!So how do you meaningfully "check what it is" without actually requesting the document? And what's the difference between that post and a hidden <img> or <iframe> included on a less obvious website? /mz
I am not an expert so please, for my education, correct me if I am wrong. Is it not so much the request, but what the request is made with? Would not requesting with wget mitigate any attack? The source of the page and any scripts called by the page should be enough to ascertain whether the page is malicious or not. Dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBT20a3bIvn8UFHWSmAQJEGQf/RxQPvQqCeoblnoMedzWkcxxQSrTg722g oPSj02I+du/pX7YWBvX59435rpaPvVz4VIyS/uhrRqUXZYsJkry/1vmjTWv8boSm NV5R8gP0Q3lDv8Xpqc4Agj9l5P5jX0lj7oLu5rUApRydsw+7byoDQXmrZ/qYnxFt MkMd82RHqhKtKCogwlgLrjC4tCPG4v4ac4Y0LbHo9eeMAjS811JyQhngnBLyVHLj 5bdiJzdCmJgXaLDGC2jZm2DHBWATvAhtlW7Rk+/oFwPartQmAcIQ4vaX/KnOlIun iafi4v5WhzfUG5DFTjDcQZc3dqPcrYH0diGUcxNQveNCqXwo303omA== =5Li0 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Apple IOS security issue pre-advisory record john doe (Mar 23)
- Re: Apple IOS security issue pre-advisory record adam (Mar 23)
- Re: Apple IOS security issue pre-advisory record john doe (Mar 23)
- Re: Apple IOS security issue pre-advisory record Gary Baribault (Mar 23)
- Re: Apple IOS security issue pre-advisory record adam (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
- Re: Apple IOS security issue pre-advisory record john doe (Mar 23)
- Re: Apple IOS security issue pre-advisory record Michal Zalewski (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
- Re: Apple IOS security issue pre-advisory record rackow (Mar 23)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 24)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
- Re: Apple IOS security issue pre-advisory record IA64 LOL (Mar 26)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 26)
- Re: Apple IOS security issue pre-advisory record adam (Mar 23)
- Re: Apple IOS security issue pre-advisory record Charlie Derr (Mar 26)
- Re: Apple IOS security issue pre-advisory record coderman (Mar 26)
- Re: Apple IOS security issue pre-advisory record john doe (Mar 24)