Comments on: Browser Rootkits

By: shabnam

shabnam — Sat, 15 Mar 2008 19:39:35 +0000

Great! thanks :)

By: Sicurezza, ICT ed altro » Blog Archive » Browser rootkits

Sicurezza, ICT ed altro » Blog Archive » Browser rootkits — Thu, 01 Nov 2007 16:16:35 +0000

[...] post ben scritto che mette ancora una volta in evidenza la criticitÃ dei browser, che qui vengono [...]

By: è‰¾å…‹ç´¢å¤«å¯¦é©—å®¤ » RE:RE: Browser Rootkits

è‰¾å…‹ç´¢å¤«å¯¦é©—å®¤ » RE:RE: Browser Rootkits — Mon, 29 Oct 2007 16:25:08 +0000

[...] “Browser Rootkits” ä½œç‚ºé—œéµå—, å¯ä»¥åœ¨ Google è£¡é¢æ‰¾åˆ° ä¸€ç¯‡ Protect your browser: Browser rootkits, Virtual appliances and Network Admission Control , è£¡é¢æåˆ°çš„å¹¾å€‹è§€å¿µ, å’Œæˆ‘çš„æƒ³æ³•ä¸è¬€è€Œåˆ. [...]

By: è‰¾å…‹ç´¢å¤«å¯¦é©—å®¤ » RE: Browser Rootkits

è‰¾å…‹ç´¢å¤«å¯¦é©—å®¤ » RE: Browser Rootkits — Thu, 25 Oct 2007 06:06:55 +0000

[...] ç™¼äº†ä¸€ç¯‡æ–‡ç« ä»‹ç´¹äº† Browser Rootkits; Joanna çš„å›žæ‡‰æ˜¯Thoughts On Browser [...]

By: hackathology

hackathology — Thu, 18 Oct 2007 13:33:14 +0000

Great article pdp

By: Gustavo Bittencourt

Gustavo Bittencourt — Thu, 18 Oct 2007 02:35:44 +0000

This article is really interesting. With its inspiration, I wrote an article about Browser Botnets: http://english.gustavobittenco.....tnets.html

Thank you
Gustavo Bittencourt

By: Inseguridad a nivel del navegador | Share the information

Inseguridad a nivel del navegador | Share the information — Wed, 17 Oct 2007 23:56:44 +0000

[...] a colaciÃ³n este tema gracias a un artÃculo de dpd colocado el dÃa de ayer en Gnucitizen llamado Browsers Rootkits y quice hablar del tema dado que realmente la seguridad muchas veces no es tan detallista como se [...]

By: Liquidmatrix Security Digest » Security Briefing: October 17th

Liquidmatrix Security Digest » Security Briefing: October 17th — Wed, 17 Oct 2007 10:38:03 +0000

[...] Browser Rootkits [...]

By: pdp

pdp — Tue, 16 Oct 2007 22:06:10 +0000

Hugh, unfortunately that cannot be done on our side, but you can easily modify your browser settings to server your needs.

By: Hugh Mungus

Hugh Mungus — Tue, 16 Oct 2007 21:33:21 +0000

I wonder if it might be possible to make the text font color a shade darker. That way, it will be impossible to read your blog at all.

By: Chris

Chris — Tue, 16 Oct 2007 16:11:14 +0000

I look forward to seeing some of this talk put into action.

By: Web TarayÄ±cÄ±larÄ± iÃ§in Rootkit « eren@home ~ $

Web TarayÄ±cÄ±larÄ± iÃ§in Rootkit « eren@home ~ $ — Tue, 16 Oct 2007 15:17:13 +0000

[...] TarayÄ±cÄ±larÄ± iÃ§in Rootkit 16 10 2007 Petko D. Petkov blogunda yayÄ±nladÄ±ÄŸÄ± yazÄ± insanÄ± bu konuda gerÃ§ekten dÃ¼ÅŸÃ¼ndÃ¼rmeye yÃ¶neltiyor. ÃœzgÃ¼nÃ¼m ki metnin tamamÄ±nÄ± [...]

By: Sp0oKeR

Sp0oKeR — Tue, 16 Oct 2007 13:49:35 +0000

I think metafisher is kind of that already . It’s for IE and use Hel Objects if I’m not wrong.
Nice post.

Regards,

Sp0oKeR

By: pdp

pdp — Tue, 16 Oct 2007 13:26:05 +0000

can I ping you privately? or you can ping me privately with the information provided on the contact page. cheers :)

By: fazed

fazed — Tue, 16 Oct 2007 13:19:36 +0000

Nice write up, I agree that they will become more common place in the future. You could combine it with a browser exploit for your point of access and drop A exe which overwrites the browser.jar file with your own code. sorry if thats a bit off-topic. would you be interested in giving a talk about it on the upcomming darkstar e-conference?

-fazed

By: pdp

pdp — Tue, 16 Oct 2007 12:41:28 +0000

Jipe, you are right… the hidden field only works if you install the extension globally but as you suggested it is trivial to overlay the addons windows and as such remove the presence of the extension from the list.

By: Jipe

Jipe — Tue, 16 Oct 2007 12:06:29 +0000

Regarding the hidden capabilities of firefox extensions.

The hidden field of the install manifest only works for extensions installed in a restricted access area (so it does not work for add-ons installed in the profile).

However, as an extension extends the browser it will be trivial to it to remove itself from the extension list (just browse the list and remove the one which match the extension name)…