nanog mailing list archives
Infection vectors
From: Charles N Wyble <charles () knownelement com>
Date: Mon, 15 Aug 2011 10:55:17 -0500
On 08/15/2011 10:31 AM, Steven Bellovin wrote:
> On Aug 15, 2011, at 10:12:21 AM, Randy Bush wrote:
>>> I've always wondered if the next cisco/juniper 0 day will be delivered via a set of exploits delivered via a link posted to NANOG. :) Maybe I'll do a talk at DEFCON next year about that.
>> more likely a 'shortened' url. how anyone can click those is beyond me.
> I'm curious what your objection is. Mine is privacy -- the owner of the shortening site gets to see every place you visit using one of those.

That's why I have my own url shortening service using yourls. (http://yourls.org/)

> I don't think there's a significant incremental security risk, because the URL you click on doesn't tell you what you'll receive in any event.

Exactly.

> Case in point: https://www.cs.columbia.edu/~smb/SMBlog-in-PDF.pdf does *not* yield a PDF. (As far as I know, it's a completely safe URL to click on, but I can't guarantee that someone else didn't hack my site. I, at least, haven't put any nasties there.)

Or so you claim! :) And a PDF file is a particularly potent infection vector. It would be interesting to put up a PDF (say OSPFvsISIS.pdf or WhyAnyoneWhoIsn'tNamedOwenHasRottenv6Ideas.pdf) with an exploit. This exploit could be a toe hold, which grabs other malware, opens reverse remote shell etc. If one is targeting very long term exploitation at mass scale, sitting in the network control plane for a long period of time is a large factor. And if one entices operators to download malware, the first step of most attacks (elevating privileges) is often much easier (certainly faster, as operators doing something privileged is a regular occurrence).

> Given the rate of hacking -- is anyone really safe from a determined amateur attack,

Maybe.

> let alone state-sponsored nastiness? -- and given the amount of third-party content served up by virtually all ad-containing sites, you really have no idea what you're going to receive when you click on any link.

Yep. I see hacked ad content every single day.