Comments on: Ghost Busters http://www.gnucitizen.org/blog/ghost-busters/ Information Security Think Tank Fri, 21 Nov 2008 21:24:22 +0000 http://wordpress.org/?v=2.6.3 By: w2Networks » Internet Explorer no restringe el acceso a marcos http://www.gnucitizen.org/blog/ghost-busters/#comment-123088 w2Networks » Internet Explorer no restringe el acceso a marcos Fri, 25 Jul 2008 13:51:59 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-123088 [...] Ghost Busters http://www.gnucitizen.org/blog/ghost-busters/ [...] [...] Ghost Busters http://www.gnucitizen.org/blog/ghost-busters/ [...]

]]> By: Ghost Busters: Zero-day flaw haunts Internet Explorer | Andrea Lazzari's blog http://www.gnucitizen.org/blog/ghost-busters/#comment-123086 Ghost Busters: Zero-day flaw haunts Internet Explorer | Andrea Lazzari's blog Fri, 25 Jul 2008 10:40:47 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-123086 [...] Ghost Busters | GNUCITIZEN [...] [...] Ghost Busters | GNUCITIZEN [...]

]]> By: Alok http://www.gnucitizen.org/blog/ghost-busters/#comment-122805 Alok Thu, 03 Jul 2008 10:24:55 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122805 Nice wrk .. key loggers working with simple html pages. Nice wrk .. key loggers working with simple html pages.

]]> By: sirdarckcat http://www.gnucitizen.org/blog/ghost-busters/#comment-122722 sirdarckcat Sun, 29 Jun 2008 08:42:05 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122722 @Foobar: > Caballero’s work is much greater than this. He can insert cross domain javascript etc… I dont think so.. but an interesting discovery, revealed that this one can also make stuff cross-domain ;) http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt So well.. yeah.. @Foobar:
> Caballero’s work is much greater than this. He can insert cross domain javascript etc…

I dont think so.. but an interesting discovery, revealed that this one can also make stuff cross-domain ;)

http://www.ph4nt0m.org-a.googl.....215;04.txt

So well.. yeah..

]]> By: Internet Explorer no restringe el acceso a marcos - Foro de Informatica para tod@s! -Necesitamos expertos en Photoshop ¿Te unes? http://www.gnucitizen.org/blog/ghost-busters/#comment-122712 Internet Explorer no restringe el acceso a marcos - Foro de Informatica para tod@s! -Necesitamos expertos en Photoshop ¿Te unes? Sat, 28 Jun 2008 07:38:39 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122712 [...] Explorer fails to properly restrict access to frames US-CERT Vulnerability Notes Ghost Busters Ghost Busters | GNUCITIZEN Ghosts for IE8 and IE7.5730 sirdarckcat: Ghosts for IE8 and IE7.5730 Browser's Ghost Busters [...] [...] Explorer fails to properly restrict access to frames US-CERT Vulnerability Notes Ghost Busters Ghost Busters | GNUCITIZEN Ghosts for IE8 and IE7.5730 sirdarckcat: Ghosts for IE8 and IE7.5730 Browser’s Ghost Busters [...]

]]> By: Internet Explorer no restringe el acceso a marcos « SeMaToVe http://www.gnucitizen.org/blog/ghost-busters/#comment-122710 Internet Explorer no restringe el acceso a marcos « SeMaToVe Sat, 28 Jun 2008 07:13:19 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122710 [...] Ghost Busters http://www.gnucitizen.org/blog/ghost-busters/ [...] [...] Ghost Busters http://www.gnucitizen.org/blog/ghost-busters/ [...]

]]> By: Venom23 http://www.gnucitizen.org/blog/ghost-busters/#comment-122709 Venom23 Sat, 28 Jun 2008 06:55:18 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122709 I found a PoC link. Perhaps some reader is interested. http://raffon.net/research/ms/ie/crossdomain/string.html# I found a PoC link. Perhaps some reader is interested.

http://raffon.net/research/ms/.....ring.html#

]]> By: Zero Day mobile edition http://www.gnucitizen.org/blog/ghost-busters/#comment-122676 Zero Day mobile edition Thu, 26 Jun 2008 10:58:18 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122676 [...] zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela’s IE Ghost Busters talk: Do you believe in ghosts? Imagine an invisible script that silently follows you while you [...] [...] zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela’s IE Ghost Busters talk: Do you believe in ghosts? Imagine an invisible script that silently follows you while you [...]

]]> By: ForumKral.Org » Blog Archive » Günlük Maceralar http://www.gnucitizen.org/blog/ghost-busters/#comment-122304 ForumKral.Org » Blog Archive » Günlük Maceralar Tue, 27 May 2008 20:46:15 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122304 [...] - Manual Debian OpenSSL Predictable PRNG Toys Giving SQL Injection the Respect it Deserves Ghost Busters String Format - Made Simple OphCrack 3.0 in the wild The Ethics of Vulnerability Research [...] [...] - Manual Debian OpenSSL Predictable PRNG Toys Giving SQL Injection the Respect it Deserves Ghost Busters String Format - Made Simple OphCrack 3.0 in the wild The Ethics of Vulnerability Research [...]

]]> By: Вы верите в призраков? | Raz0r.name - блог о web-безопасности http://www.gnucitizen.org/blog/ghost-busters/#comment-122206 Вы верите в призраков? | Raz0r.name - блог о web-безопасности Thu, 22 May 2008 18:28:08 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122206 [...] любопытный пост недавно появился на GNUCITIZEN. В нем рассказывается о [...] [...] любопытный пост недавно появился на GNUCITIZEN. В нем рассказывается о [...]

]]> By: Interesting Information Security Bits for May 16th, 2008 « Infosec Ramblings http://www.gnucitizen.org/blog/ghost-busters/#comment-122027 Interesting Information Security Bits for May 16th, 2008 « Infosec Ramblings Fri, 16 May 2008 18:04:22 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122027 [...] has another good post up that takes a look at resident scripts and cross-domain issues using [...] [...] has another good post up that takes a look at resident scripts and cross-domain issues using [...]

]]> By: Foobar http://www.gnucitizen.org/blog/ghost-busters/#comment-122025 Foobar Fri, 16 May 2008 17:41:56 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122025 Yah, Caballero's work is much greater than this. He can insert cross domain javascript etc... Yah,

Caballero’s work is much greater than this. He can insert cross domain javascript etc…

]]> By: pdp http://www.gnucitizen.org/blog/ghost-busters/#comment-122022 pdp Fri, 16 May 2008 17:13:52 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122022 yes, excellent research and very interesting indeed. Will mention it tmrw at CONFidence. yes, excellent research and very interesting indeed. Will mention it tmrw at CONFidence.

]]> By: Awesome AnDrEw http://www.gnucitizen.org/blog/ghost-busters/#comment-122010 Awesome AnDrEw Fri, 16 May 2008 14:02:00 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-122010 Although I did not use the open method I did come up with something quite similar months ago for an example, which was able to capture the keystrokes placed within an IFRAME element in order to then transmit them back through images in order to provide a basic web key-logger. I do believe I read about this presentation on some other website, but no proof of concept was attached at the time. Nice work. Although I did not use the open method I did come up with something quite similar months ago for an example, which was able to capture the keystrokes placed within an IFRAME element in order to then transmit them back through images in order to provide a basic web key-logger. I do believe I read about this presentation on some other website, but no proof of concept was attached at the time. Nice work.

]]> By: tilki http://www.gnucitizen.org/blog/ghost-busters/#comment-121989 tilki Fri, 16 May 2008 10:14:40 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-121989 hi.. good ... :)the turkhackteam...!!! tirtil... hi.. good … :)the turkhackteam…!!! tirtil…

]]> By: .mario http://www.gnucitizen.org/blog/ghost-busters/#comment-121974 .mario Fri, 16 May 2008 07:39:39 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-121974 Awesome research and very good writeup, SDC. I wouldn't have expected anything but quality from you anyway ;) Greetings, .mario Awesome research and very good writeup, SDC. I wouldn’t have expected anything but quality from you anyway ;)

Greetings, .mario

]]> By: fragge http://www.gnucitizen.org/blog/ghost-busters/#comment-121961 fragge Fri, 16 May 2008 04:48:37 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-121961 Excellent post Eduardo ;) keylogging script from a hyperlink! wow. Excellent post Eduardo ;) keylogging script from a hyperlink! wow.

]]> By: echoHI http://www.gnucitizen.org/blog/ghost-busters/#comment-121957 echoHI Fri, 16 May 2008 04:11:34 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-121957 cool:) I will try to do the further work. cool:) I will try to do the further work.

]]> By: fazed http://www.gnucitizen.org/blog/ghost-busters/#comment-121932 fazed Thu, 15 May 2008 23:45:14 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-121932 nice work :) nice work :)

]]> By: Rewind http://www.gnucitizen.org/blog/ghost-busters/#comment-121901 Rewind Thu, 15 May 2008 20:04:45 +0000 http://www.gnucitizen.org/blog/ghost-busters/#comment-121901 I have thought about something of the kind (using onkeydown). My idea was to create a page which set web browser fullscreen, for hiding the real address bar, and remake it with an input balise. After that, you can control what you want, can't you ? I have thought about something of the kind (using onkeydown). My idea was to create a page which set web browser fullscreen, for hiding the real address bar, and remake it with an input balise. After that, you can control what you want, can’t you ?

]]>