Exploit Code Hiding in Cache Servers?

["Fergie" <fergdawg () netzero net>]

Via NetworkWorld.

[snip]

Malicious code is living on weeks after it has been removed from Web
sites thanks to an unexpected culprit: cache servers.

According to Finjan Software, which has just released its latest Web
trends report, caching technology used by search engines, ISPs and
large companies has been discovered to harbor certain kinds of
malicious code even after the Web site that hosted it has been taken down.

Such "infection-by-proxy" code can remain in caches for as long as two
weeks, giving it a "life after death" at a time it would conventionally
be assumed to have been neutralized. Although caching does not always
save copies of everything on a Web site, it will still store code
embedded in html, including programming formats such as Javascript.

[snip]

More:
http://www.networkworld.com/news/2006/101206-exploit-code-hiding-in-cache.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.