Full Disclosure mailing list archives
Re: Apple IOS security issue pre-advisory record
From: Dave <mrx () propergander org uk>
Date: Sat, 24 Mar 2012 10:26:48 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/03/2012 05:44, Valdis.Kletnieks () vt edu wrote:
On Sat, 24 Mar 2012 00:52:45 -0000, Dave said:I am not an expert so please, for my education, correct me if I am wrong. Is it not so much the request, but what the request is made with?It's a pretty safe bet that most of the 300 clicky-clicky types did *not* use wget to test what it was.Would not requesting with wget mitigate any attack?Well, assuming that the perpetrator doesn't have a 0-day for wget. ;)The source of the page and any scripts called by the page should be enough to ascertain whether the page is malicious or not."should" is the operative term. But that only works if the miscreant is lazy enough to point their link directly at the malicious content. If they're smart, they'll point at a page that looks legit, but loads Javascript from some 3rd party that loads more Javascript from a 4th party that that loads more crud from a server you've pwned. I've hit pages on mainstream websites with noscript enabled, and had 25+ different sites' Javascript blocked, and as you enable sites you just get *more* sites in the list. I just hit http://www.msnbc.msn.com, and NoScript blocked something from 2011.wimbleton.com. Malicious? Out of date? What *other* domains will that site end up loading *more* crud from? Who knows? Trying to sort this type of stuff out is part of the reason why drive-by pwning is so common - the fact that the page came from someplace reasonably trustable like the BBC or similar tells you *nothing* about where alll the content on the page came from.
Pretty much as I thought. I investigate some, (when not too busy) of the links in the unsolicited mails I receive and concur with what you have written here. I always browse with NoScript/adblock/cookie monster/Ref control enabled regardless of whether I think I can trust the site or not. I learned a long time ago to ditch Outlook/IE and only view email in plain text. I am curious and I do like to play with malware on a VM. I am also a novice, so perhaps I am over cautious. Then again, I think there is no such thing as over cautious when a great deal of the miscreants trying to own systems or phish for credentials are more knowledgeable than I. I just wish I had more time to study and research. Doesn't the the -e, robots=off, --page-requisites and -H wget directives enable one to collect all the necessary files that are called from a page? Cheers Dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBT22haLIvn8UFHWSmAQK0+Qf/ZnrC052vEWDlHGMT3bDt8RJiiGlVd7E1 IwnzmlnI549Ojw89vwxkcKsZDlMLmcEJ13peVfLYpanKEyau/3BW3zx/3ulfhvli ab0EdJfj0I3vlrEZgXLY7jmNOiJ50Fkm7IwC/9CjR7LSGFC5o9K9OWojc1gb6eN3 04wXMM588SX8njiSGx4Mtc+/VVNif1Jskkfgl58CvcA8DmFA3fyPMx7DtgxeiY08 XoEK6xJ41mQ9shFjkIkbeFGhHtWjunbQmcgGJixFcsBQvJrZF418XhRp7hAqdEhw BnQj2T4BixTdzHJzIeWEsn8nPId1n8V4hH3jW+h//+ev6U21+KCgpw== =DLjT -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apple IOS security issue pre-advisory record, (continued)
- Re: Apple IOS security issue pre-advisory record john doe (Mar 23)
- Re: Apple IOS security issue pre-advisory record Gary Baribault (Mar 23)
- Re: Apple IOS security issue pre-advisory record adam (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
- Re: Apple IOS security issue pre-advisory record john doe (Mar 23)
- Re: Apple IOS security issue pre-advisory record Michal Zalewski (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
- Re: Apple IOS security issue pre-advisory record rackow (Mar 23)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 23)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 24)
- Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
- Re: Apple IOS security issue pre-advisory record IA64 LOL (Mar 26)
- Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 26)
- Re: Apple IOS security issue pre-advisory record Charlie Derr (Mar 26)
- Re: Apple IOS security issue pre-advisory record coderman (Mar 26)
- Re: Apple IOS security issue pre-advisory record john doe (Mar 24)
- Re: Apple IOS security issue pre-advisory record fulldisclosure (Mar 26)
- Re: Apple IOS security issue pre-advisory record Thor (Hammer of God) (Mar 26)
- Re: Apple IOS security issue pre-advisory record Aaron Toponce (Mar 26)