Even More XSS Worms

This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.

There is no merit in discussing how this was done or for what purpose, but this incident is yet more proof that the attack landscape is rapidly changing and moving towards web-enabled infrastructures and the client side. [...]


WiFi Infestations – Viral Wardriving

WiFi networks are a necessary evil. In this post I would like to briefly highlight some ideas on the potential damage that can be caused when attackers combine automated, viral-like attacks with human power. This post is closely related to the WiFi worms topic that was widely covered by the media at the beginning of 2008. [...]


The Pownce Worm (Yet Another Potential AJAX Worm)

First of all, I need to let you know that it is not our practice to disclose vulnerabilities in specific online applications. However, given that Pownce, the vendor, was responsibly informed, and that we believe the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. [...]


The Orkut XSS Worm

Yep, Orkut, Google’s social network, was hit by an XSS worm, the source of which you will find at the bottom of this post. To be honest with you, it was about time. The trend of infecting social networks with Web 2.0 malware will continue to increase over the following years. This is for sure! The simple fact is that social networks collect a lot of personal information which attackers can easily harvest for their own benefit. [...]


Google Urchin password theft madness

There is a trivially exploitable XSS vulnerability on the login page of Google Urchin Web Analytics 5. The vulnerability has been tested on versions 5.6.00r2, 5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely affected as well. In case you didn’t know, Google Urchin is the installable version of Google Analytics.

I reported the issue to Google back on Jul 25, and it was confirmed by their security team. They are now working on a fix. [...]


Ad-Jacking – XSSing for Fun and Profit

How to XSS is often the topic of conversation among security professionals; however, the reason or motivation for why an attacker might want to exploit an XSS vulnerability is often limited to stealing cookies or hijacking credentials. This post takes an almost sensationalist point of view as we take you on a journey to a possible Web 2.0 XSS worm armed with an Ad-Jacking payload, an attack I introduced a short time ago. [...]


One Drop on A Spider Web

On 6th February 2007, I published an article titled Playing in Large, which discusses various ways of injecting large JavaScript payloads into tiny XSS holes. The technique that I used as an example is quite simple. In general, all attackers need to do is place their malicious payload behind the fragment identifier (the # sign) and evaluate it within the context of the attacked application. This can be achieved with something like this: eval(location.hash.substr(1)). [...]


XSS Worms and Mitigation Controls

NTPolicy is a set of ntp’s ideas around mitigating XSS worm potential. He put these ideas forward in response to our post, "The Generic XSS Worm", where we reached out to the community to brainstorm ideas to solve the XSS crisis. I have summarised his thoughts below in a bullet list, with my comments beneath.

For clarity, we obviously mean implementing this as a layer above the current same-origin policy, or else XSS or future attacks could be used to circumvent these controls. [...]


XSS Attacks – Cross Site Scripting Exploits and Defence

XSS Attacks – Cross Site Scripting Exploits and Defence is a book project that I was involved in, together with Jeremiah Grossman, Robert RSnake Hansen, Anton Rager and, last but not least, Seth Fogie, technical editor and co-author. I must say that the project was a lot of fun mashed with hard work and numerous sleepless nights. [...]


XSS Attacks Book Preview

If you haven’t heard from RSnake’s or JG’s blogs yet, the long-awaited XSS Attacks book will be out very soon, and here I have the chance to show you what the cover will look like, in addition to the TOC and a sample chapter. I hope that you find it useful. We’ve put a lot of effort into making this book possible. It is quite a good technical read, so give it a try.

I would like to say thank you for the opportunity that has been given to me. [...]
