Comments on: MPack – The Movie http://www.gnucitizen.org/blog/mpack-the-movie/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: pdp http://www.gnucitizen.org/blog/mpack-the-movie/comment-page-1/#comment-32127 pdp Tue, 26 Jun 2007 21:00:06 +0000 http://www.gnucitizen.org/blog/mpack-the-movie#comment-32127 interesting idea rootkid. interesting idea rootkid.

]]> By: rootkid http://www.gnucitizen.org/blog/mpack-the-movie/comment-page-1/#comment-32067 rootkid Tue, 26 Jun 2007 17:51:24 +0000 http://www.gnucitizen.org/blog/mpack-the-movie#comment-32067 Actually, it's not necessarily the webserver that has to be compromised/infected. A proxy server would certainly be a more powerful attack base. Actually, I developed an "in-line" browser exploit years ago, which could be deployed in an internal network, working as a proxy for all outgoing http request (if needed, after executing a MITM attack to redirect the network stream). I injected the exploit only once for a certain (or all) websites, that way the user or administrator could be compromised even if he/she only surfed "trustworthy" sites. Of course, compromising a proxy is alway a major security breach, but I think injecting malicious mobile code certainly multiplies the amount of attackable clients. Of course, that way the attacker does not have to make use of an IFRAME anymore. I wouldn't be surprised if proxy servers become more and more the aim of large-scale attacks very soon. Actually, it’s not necessarily the webserver that has to be compromised/infected. A proxy server would certainly be a more powerful attack base. Actually, I developed an “in-line” browser exploit years ago, which could be deployed in an internal network, working as a proxy for all outgoing http request (if needed, after executing a MITM attack to redirect the network stream). I injected the exploit only once for a certain (or all) websites, that way the user or administrator could be compromised even if he/she only surfed “trustworthy” sites. Of course, compromising a proxy is alway a major security breach, but I think injecting malicious mobile code certainly multiplies the amount of attackable clients. Of course, that way the attacker does not have to make use of an IFRAME anymore.
I wouldn’t be surprised if proxy servers become more and more the aim of large-scale attacks very soon.

]]> By: pdp http://www.gnucitizen.org/blog/mpack-the-movie/comment-page-1/#comment-30950 pdp Fri, 22 Jun 2007 20:19:39 +0000 http://www.gnucitizen.org/blog/mpack-the-movie#comment-30950 most definitely man, are you interested to become GNUCITIZEN guest blogger over here on this subject? most definitely man, are you interested to become GNUCITIZEN guest blogger over here on this subject?

]]> By: Steven http://www.gnucitizen.org/blog/mpack-the-movie/comment-page-1/#comment-30922 Steven Fri, 22 Jun 2007 17:05:26 +0000 http://www.gnucitizen.org/blog/mpack-the-movie#comment-30922 Yep I am very familiar with that as iframe's have been used for exploits for years now. I just find it funny that the same old things get recycled and treated as new. I guess it's good for those that might have missed it or didn't get it before. Yep I am very familiar with that as iframe’s have been used for exploits for years now. I just find it funny that the same old things get recycled and treated as new. I guess it’s good for those that might have missed it or didn’t get it before.

]]> By: pdp http://www.gnucitizen.org/blog/mpack-the-movie/comment-page-1/#comment-30863 pdp Fri, 22 Jun 2007 14:51:32 +0000 http://www.gnucitizen.org/blog/mpack-the-movie#comment-30863 steven, precisely, the iframe in this case is a 0width 0height window/frame that downloads any exploit within the browser context without moving the user away from the current view. This is very sneaky since the user doesn't really know what is going on, unless they follow the messages inside the status bar. steven, precisely,

the iframe in this case is a 0width 0height window/frame that downloads any exploit within the browser context without moving the user away from the current view. This is very sneaky since the user doesn’t really know what is going on, unless they follow the messages inside the status bar.

]]> By: Steven http://www.gnucitizen.org/blog/mpack-the-movie/comment-page-1/#comment-30854 Steven Fri, 22 Jun 2007 14:39:45 +0000 http://www.gnucitizen.org/blog/mpack-the-movie#comment-30854 I think I am actually going to write something about this soon as I keep hearing it over and over. There isn't really an "iframe" exploit. Someone might make a virtually-invisible iframe reference to another page that houses exploit code, however, this is not an exploit with iframes. If you're running unpatched software (and usually as an administrator) , that is why you got owned. Te iframe is simply how they pulled in the exploit code from the third party site. I think I am actually going to write something about this soon as I keep hearing it over and over. There isn’t really an “iframe” exploit. Someone might make a virtually-invisible iframe reference to another page that houses exploit code, however, this is not an exploit with iframes. If you’re running unpatched software (and usually as an administrator) , that is why you got owned. Te iframe is simply how they pulled in the exploit code from the third party site.

]]>