We've had a computer in that role for years, this was the first time it
had been compromised in all that time, running under that same
methodology. If I had given it enough time the IDS in the firewall would
have locked it to the network it was in and not let it have Internet
access, so there was no real danger of spewing crap on the net for very
This was a sacrificial computer, we keep a ghost image of it on a USB
drive so that we can restore it as needed - it's not like the machine is
used by people that can't spot the signs....
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
email@example.com (remove 999 for proper email address)
A malicious website can host a wide variety of exploits covering many
different clients. The way to get the user to visit the site varies
(some using script), but this was just a misstep that landed Leythos in
a bad place (with the keys to the machine dangling out of his pocket).
Sometimes the user's choice of client only changes the website's choice
That link merely describes the theoretical nature of browsing dangers.
affecting grossly under-protected systems or extremely careless users.
I wonder if there's any real danger out there to a hardened system?
I'm still waiting on someone to put up a link that my system can't handle.
I assumed the poster only wanted information. The fact is that the
browser itself acts as a window for other programs that also consume
data from a webpage, so even if the browser itself isn't attacked (or
abused in the case of scripting or media extensions) it still
participates in the attack vector. Exploits on webpages aren't entirely
limited to scripting exploits - although that is probably the lion's
Probably not, but there's always new stuff coming all the time. I used
to be able to send a metarefresh to the con/con bug in an e-mail, just
because that is no longer possible does not mean something else like it
won't be possible in the future. Even security programs (parsing the
HTML prior to the browser getting it) could conceivably be attacked if
they mishandle the data.
I always had scripting disabled in earlier Windows versions (I
considered scripting to be extending programming rights on my machine to
unknown parties), now I just take my chances with the timeliness of
patches for zero-day exploits.
It would be, at the least, irresponsible for anybody in antimalware to place
any link that could harm your computer intentionally. Some things, you will
have to locate on your own; if that's really your wish.
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk
Dustin Cook wrote:
I'm not looking to harm my system, but merely offering a bluff for someone so
inclined to call it, and I suspect you well understand the sarcastic smart ass
nature of such.
To be simplistic, I could do more damage with readily available hand tools
than any set of code could ever hope to. I'm a retired electronic tech that
has spent enough time online to adopt the arrogance of today's youth. ;-)
I just had an image of you sitting there all smug with a text-only
browser - just daring anyone to post a malicious link. :oD
There was a site some time ago that hosted every exploit they knew to
crash the visitor's machine - a test site that explained what was being
tested for and allowed the user to decline if so desired. Also, another
site on that domain that did the same thing only not so nicely. Having
never used a text only browser, I wouldn't know how affected it would be
by the malformed or oversized font file exploits.
Still, your computer consumes data, and that data can be maliciously
other crap as well, just doesn't swallow everything it tastes.
I think there was a netfarmers, or something like that, site
that would wreak havoc on early browsers.
Maybe a better or more accurately defined 'consumption' would be in order.
Just utilizing such data doesn't necessarily have to be destructive regardless
of how it's crafted. Like why welders have such thick gloves, to exert
influence, yet not be too influenced, by a rivet.
Opera v10.10 (latest freebie)
Sandboxie v3.40 (didn't like v3.42)
Foxit v3.1.1.0928 (latest freebie)
...and just in case
OB1 v3.5d (really bullet proof since 2006)
Data destined by the consumer program's design to be translated and
interpreted as program code (a browser extension that runs scripts for
example), is the most obvious consumption. Such code can do something
undesired by using or abusing functions. Data destined by design to be
consumed as data only can influence program flow in undesired ways as
well, especially if there are flaws in the consuming program that allow
the data to be interpreted as code. Even if the data isn't interpreted
as code, it can be used by the consuming program as input (for address
arithmetic for example) which can result in DoS conditions like hanging
or crashing the program or the OS by memory corruption.
Data crafted as a simple DoS attack, while unsophisticated, would still
be exploit based malware.
No, it doesn't have to be. The thing is that data coming in often gets
consumed by more than just the program that the user thinks is consuming
it. There are often many opportunities to mishandle data.
Like when it is assumed that the data will only be treated as data (as
designed) but vulnerabilities exist (malicious font files) or it is
misunderstood that an assumed data filetype has the ability to execute
code by design (WMF).
Sites that host exploit based malware could have a detrimental effect on
a system where the user thinks he can go anywhere and click on anything
because he uses a "secure" browser. Exploits such as the one discussed
here http://seclists.org/bugtraq/2009/Jul/91 could still ruin your day.
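Added example, not part of any post in this thread: the point made above about data-only input being used for address arithmetic, shown as a C bounds check on a length-prefixed record. The record layout, the sample buffers and all function names are constructed for illustration and are not a real font or WMF format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record (hypothetical layout, not a real file format):
   bytes 0-3 = payload offset, bytes 4-7 = payload length, little endian. */
static const uint8_t GOOD[12] = {8,0,0,0, 4,0,0,0, 'A','B','C','D'};
/* Constructed hostile header: offset 0xFFFFFFF0, length 0x10. */
static const uint8_t CRAFTED[16] = {0xF0,0xFF,0xFF,0xFF, 0x10,0,0,0};
uint8_t out_buf[16];

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed check: off + len wraps modulo 2^32, so a huge offset plus a
   small length can sum to a value that looks in range. */
bool naive_in_bounds(uint32_t off, uint32_t len, uint32_t size) {
    return (uint32_t)(off + len) <= size;
}

/* Hardened check: no addition on untrusted values, so nothing can wrap. */
bool safe_in_bounds(uint32_t off, uint32_t len, uint32_t size) {
    return off <= size && len <= size - off;
}

/* Copy the payload out only if the header is consistent with the buffer.
   Returns the number of bytes copied, or -1 if the record is rejected. */
int extract_payload(const uint8_t *buf, uint32_t size,
                    uint8_t *out, uint32_t out_cap) {
    if (size < 8) return -1;                 /* header itself must fit */
    uint32_t off = rd32(buf), len = rd32(buf + 4);
    if (off < 8 || len > out_cap) return -1; /* payload follows header */
    if (!safe_in_bounds(off, len, size)) return -1;
    memcpy(out, buf + off, len);
    return (int)len;
}

int main(void) {
    printf("naive accepts crafted header: %d\n",
           naive_in_bounds(rd32(CRAFTED), rd32(CRAFTED + 4), sizeof CRAFTED));
    printf("good record -> %d bytes\n",
           extract_payload(GOOD, sizeof GOOD, out_buf, sizeof out_buf));
    printf("crafted record -> %d\n",
           extract_payload(CRAFTED, sizeof CRAFTED, out_buf, sizeof out_buf));
    return 0;
}
```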
Ruin whose day?
Went and checked,
they're talking about MSIE.
Now, kindly show me the way to an actual threat to a 'secure' browser.
I'm not saying none exist,
just would like to know the limits to my system
so I can tweak my config if needed.