funsec mailing list archives

Re: I wrnd u abt ths ...


From: Michael Graham <jmgraham () gmail com>
Date: Thu, 18 Jun 2009 17:51:56 -0400

Yea, it's the beginning of side channel social networking attacks, and there
really isn't anything you can do about it.  Your users are not going to
ignore links from their buddies on Twitter or Facebook or whatever those
damn kids are using these days.  They could even confirm that there was a
link intended before clicking through (not that they would, but if they did,
it still wouldn't protect them).
You're either going to have to have perfect patching processes and stack
protection on every client, or you're going to have to start treating your
user space as inherently hostile.


On Thu, Jun 18, 2009 at 4:45 PM, Rich Kulawiec <rsk () gsp org> wrote:

> On Thu, Jun 18, 2009 at 12:04:55PM -0800, Rob, grandpa of Ryan, Trevor,
> Devon & Hannah wrote:
> > Hackers managed to hijack some 2.2 million links posted through the URL
> > shortening service Cligs, redirecting the links to a single page.
>
> This will only get worse: URL-shortening services are abuse magnets, and
> none of them have the enormous resources that it would take to detect
> and remedy that abuse before it becomes rampant.  So even if we credit
> them with the best of intentions (and mostly, I don't) they're going
> to fail.
>
> ---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
