Comments on: Every Link You Click is Dangerous

By: Aodhhan

Aodhhan — Wed, 03 Jun 2009 16:47:37 +0000

Perhaps not tap into a PC, the unfortunate truth is how people use the same username and password for many different places where they must authenticate. A little bit of social engineering, or pulling their browser list can go a long way.

By: pdp

pdp — Wed, 01 Apr 2009 23:49:41 +0000

it is hard to say :)

By: mellow

mellow — Mon, 30 Mar 2009 13:18:52 +0000

Sometimes I notice this behavior when logging in at my hotmail account. I’m quite sure I typed my password like it should but it says wrong password. When I type it in again, I’m in. Could it be possible that their login page mail.live.com is compromised?

By: shuli Totoy

shuli Totoy — Sun, 01 Mar 2009 06:38:11 +0000

Asprox is also a silent website defacement. These worms utilize innocent web surfers’ PC’s to Google after vulnerable web sites. Once a list of suspects has been compiled, automatic signature-evasive Blind Sql Injection attacks are blindly shot at every GET / POST parameter within the web application.

By: pdp

pdp — Fri, 27 Feb 2009 08:11:24 +0000

don’t know! I haven’t been following Mozie’s research. but if this is the case than his stuff are based on an old technique previously discussed on this blog and mozilla’s bugzilla.

By: Oper8or

Oper8or — Fri, 27 Feb 2009 05:04:26 +0000

What you speak is complete truth. What makes it evne more dangerous is that the GP pays no attention to the surrounding inputs the shell itself gives. It answers questions for you and shows you if something has changed. In most cases a simple glance at the browser directory, or even the source, will reveal what has happened. Some times I feel overly cautious. Then upon reading this I realize I’m not.

By: marc

marc — Thu, 26 Feb 2009 11:10:27 +0000

What is the difference with this weakness and attack and the one described by Moxie Marlinspike during the last BH Washington ? Effects and step by step operations seems to be very close between those to hacks
Tnks