Full Disclosure mailing list archives
Re: Apple IOS security issue pre-advisory record
From: rackow () anl gov
Date: Fri, 23 Mar 2012 22:03:18 -0500
From: john doe <ninjaobsessed () gmail com>
Subject: [Full-disclosure] Apple IOS security issue pre-advisory record

Advisory Disclosure MD5: e29e5501dc2ca4d5fc06855762b14393
Abstract <http://tinyurl.com/8xq2xcq>
There are so many things wrong with this that the 300 should have been concerned about the possibility of a spoof or worse. You'd think it would slow things down to some degree.

Still, was it really 300? The person behind this doesn't KNOW that 300 people clicked. All they have is that their site got that many hits. Some details could be pulled out of those clicks, but the results could easily be skewed. Of the 300, could you tell what caused, in this case, the "vote"?

I'm NOT saying that 300 people didn't click, just there should be lots of concerns about what that really means. Of the 300 that clicked, how many or few were done using IE from an account with admin privs vs how many with firefox and no-script/no-flash/adblock enabled? How many via wget or curl? This would be much more interesting than just 300 people having "clicked".

Just because someone "clicked" does not mean that anything was executed. Even if it was executed, did it happen from something vulnerable or was it something downloading to see what was at the other end? Finally, if it ran, did it live long enough to do "damage" or run on something where interesting data was even possible?

For example, part of my job entails checking out questionable email for my user community. Sometimes it's benign. Sometimes it's a phishing malware. To make life easier in testing this, I've created a few scripts that I can just drop a link into and get the results. The script has the capability to distribute the job to several different machines and pull down the data. It does several tests on the page. To a server, it could look like it was coming from a XP, W7, MacOS, or several linux platforms. The script makes very good use of test and burn virtual machines (copy the base vm image, run the test, get results, purge the running image). Depending on options, it could appear as 1 person clicking or many more from different machines and nets.
Let's not forget there are others on the test security lists this message was sent to that probably fall into the testing set as well for some of the various appliance (barracuda, ironport) or software (Antivirus/malware/phishing, clamav, avg, postini) vendors. No idea on how many or what anyone has done with testing the link provided.

--Gene

/~\ The ASCII         Gene Rackow              email: rackow () anl gov
\ / Ribbon Campaign   Cyber Security Office    voice: 630-252-7126
 X  Against HTML      Argonne National Lab
/ \ Email!            9700 S. Cass Ave. / Argonne, IL 60439

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
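The distinction the message above draws between a raw hit count and what actually fetched the link, as an added example (not part of the original post and not the author's scripts): constructed access-log lines are reduced to distinct clients, a coarse User-Agent class, and whether each client requested anything beyond the page itself. The `/advisory` path, the sample lines, and the subresource heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample (combined log format): documentation addresses, hypothetical paths.
SAMPLE_LOG = '''\
192.0.2.10 - - [23/Mar/2012:21:00:01 -0500] "GET /advisory HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
192.0.2.10 - - [23/Mar/2012:21:00:02 -0500] "GET /style.css HTTP/1.1" 200 900 "http://example.test/advisory" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
198.51.100.7 - - [23/Mar/2012:21:01:10 -0500] "GET /advisory HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0"
198.51.100.7 - - [23/Mar/2012:21:01:11 -0500] "GET /style.css HTTP/1.1" 200 900 "http://example.test/advisory" "Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0"
203.0.113.5 - - [23/Mar/2012:21:02:00 -0500] "GET /advisory HTTP/1.1" 200 5120 "-" "Wget/1.13.4 (linux-gnu)"
203.0.113.5 - - [23/Mar/2012:21:02:05 -0500] "GET /advisory HTTP/1.1" 200 5120 "-" "curl/7.24.0"
203.0.113.5 - - [23/Mar/2012:21:02:09 -0500] "GET /advisory HTTP/1.1" 200 5120 "-" "Wget/1.13.4 (linux-gnu)"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def classify(ua):
    """Coarse client class from the User-Agent header (which a client can set freely)."""
    low = ua.lower()
    if low.startswith(("wget/", "curl/")):
        return "cli-fetcher"
    if "msie" in low:
        return "ie"
    if "firefox/" in low:
        return "firefox"
    return "other"

def summarize(log, landing="/advisory"):
    """Compare raw landing-page hits with distinct clients and what they fetched."""
    hits, paths_by_client = 0, {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that are not in combined log format
        ip, path, ua = m.groups()
        paths_by_client.setdefault((ip, ua), set()).add(path)
        hits += path == landing
    clients = {c: p for c, p in paths_by_client.items() if landing in p}
    return {
        "landing_hits": hits,
        "distinct_clients": len(clients),
        "distinct_addresses": len({ip for ip, _ in clients}),
        "by_class": Counter(classify(ua) for _, ua in clients),
        # Assumption: a client that rendered the page also requested a subresource.
        "landing_only": sum(1 for p in clients.values() if p == {landing}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Even this breakdown cannot separate one tester cycling through disposable VMs on different networks from several independent visitors, which is the case the message describes.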