The Cache: Technology Expert's Forum
 
Home Help Search Login Register  RSS for SEOIdiot
*
Welcome, Guest. Please login or register.
Did you miss your activation email? 		May 22, 2013, 12:46:03 PM

Login with username, password and session length


Home (Index)
Level 1 Cache: General Discussion
All Things General Tech
Security talk
Pages: [1]
« previous next »
  Print  
Author Topic: Security talk  (Read 1339 times)
JasonD
Expert
****
Offline Offline

Posts: 100


View Profile
« on: October 04, 2007, 03:30:25 AM »
Seeing the Apache vuln thread I wondered if others are also interested in security talk ?

I am deeply into the "reverse engineering with a goal" method of thinking, and generally that goal is to get visitors to a site to do something for me. The biggest hurdle to this is normally the cross domain policies that are in force for Ajax style comms.

On that note, and to start discussions off, I wonder if any of you have played with the old (partially patched) mhtml: flaw in IE and if so your thoughts with it ?

Code:
mhtml:http://www.theregister.co.uk

Ask one of your IE using visitors to get that page for you Smiley

And to keep Perk scared, IPhones' and other Safari based browsers aren't much better !

Code:
http://www.businessinfo.co.uk/labs/SafariBetaZeroDay/safaribetazeroday.html
Logged
vsloathe
vim ftw!
Global Moderator
Lifer
*****
Offline Offline

Posts: 1669



View Profile
« Reply #1 on: October 04, 2007, 09:12:14 AM »
I think pretty much the best thing ever was when IE would execute code stored in images. I pretty much gave myself root to a shitload of boxes that day. Looking back, not very smart. At the time though, I thought it was rather clever, since the first thing I did was to implement some sneaky changes to the HOSTS file and a little DNS/ARP poisoning. You can probably fill in the blanks here as to how to make money with those methods.

Sorry, your mention of that mhtml vulnerability brought back some memories.

EDIT: Er...root...sorry - "admin" as windows calls it.
Logged
hai
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10009



View Profile
« Reply #2 on: October 04, 2007, 09:23:15 AM »
LOL @ JD - the iPhones do have some well documented potential vectors, but thus far you'd have to do some somewhat extraordinary things on both my side and their side to break in.

eWeek also had a pretty scathing article about the potentials for hacking, but their proclivities are well known: just today I got the article "Blackberry 8820 a Dream Device" right after I got the "iPhone is massive security risk" email. They're like the Republicans of technology  ROFLMAO

But I'm also good with discussions about security, provided we don't publicly cross any lines that would be unseemly. If there's something too edgy I'll place it ... "Up There" Wink

/p
Logged
It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
JasonD
Expert
****
Offline Offline

Posts: 100


View Profile
« Reply #3 on: October 04, 2007, 09:35:08 AM »
The gig 89a image thing was wonderful Smiley

Perk - got ya
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks

Valid XHTML 1.0! Valid CSS!