[Eug-lug] Operating Systems.
Ben Barrett
stircrazyben at gmail.com
Tue Feb 20 10:52:26 PST 2007
Hmm, I have to say I'm not really much more scared about this than
about any other web browsing. To the end-users I support, who are
just as likely to "accidentally" click on some bad email attachment or
"accidentally" surf into nether regions, there is little or no difference.
It *almost* appears as another attack vector, but not quite from what
I've seen. Now, if you start putting this crap in desktop widgets which
are sure to contain JS in some implementation, outside of a browser
entirely, then... well, hum.
I'm confused about why you say this is so important, and yet also state
that real-time scanning is overrated. It appears that real-time scanning
is the best way to catch (or at least observe) these malicious behaviours.
And I notice all proofs-of-concept, and even early exploits, have, say, SQL
injections in the clear, so it seems like you could easily scan for things
that look like SQL in traffic, but with JS it is so easy to wrap/unwrap
data.
Thanks for bringing this topic up -- future implications of AJAX, and
especially the ways in which current trends are just destroying some of the
old-timey web fundamentals, are just not discussed openly enough IMO.
If we started selling a car that drives on top of power lines, to avoid
traffic, then our audience could either be shocked or be busy building
elevated parking spaces and new on-ramps. Sorry, I'm working on my
pataphors! ;)
ben
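Ben's point above, that SQL "in the clear" is easy to spot in traffic but JS can wrap and unwrap the same data, can be shown with a short script. This is an added example, not code from this thread or from any tool the posters mention (Squid, ClamAV); the request lines, the signature regex and the function names (naive_match, unwrap_layers, scan) are all constructed for the illustration.

```python
import base64
import re
import urllib.parse

# A naive "in the clear" signature of the kind an inline proxy might apply.
# It only matches SQL-looking text that is literally present in the stream.
SQLI_SIGNATURE = re.compile(
    r"(?i)(\bunion\b\s+\bselect\b|\bor\b\s+1\s*=\s*1|--\s*$|';)"
)

# Runs of base64 alphabet long enough to be worth trying to decode.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def naive_match(text):
    """True if the raw text matches the in-the-clear SQL signature."""
    return bool(SQLI_SIGNATURE.search(text))


def _decode_once(text):
    """Return every variant obtained by peeling one wrapping layer off text."""
    variants = []
    unquoted = urllib.parse.unquote_plus(text)   # percent/plus encoding
    if unquoted != text:
        variants.append(unquoted)
    for token in B64_TOKEN.findall(text):       # base64 blobs inside JSON etc.
        try:
            variants.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue                              # not really base64, skip it
    return variants


def unwrap_layers(text, max_depth=3):
    """Return the text plus every decoded form reachable within max_depth layers."""
    seen = {text}
    frontier = [text]
    for _ in range(max_depth):
        next_frontier = []
        for current in frontier:
            for variant in _decode_once(current):
                if variant not in seen:
                    seen.add(variant)
                    next_frontier.append(variant)
        frontier = next_frontier
    return seen


def scan(requests, unwrap=False):
    """Return the ids of requests whose text (or an unwrapped layer of it) matches."""
    flagged = []
    for rid, text in requests:
        layers = unwrap_layers(text) if unwrap else {text}
        if any(naive_match(layer) for layer in layers):
            flagged.append(rid)
    return flagged


# Constructed sample requests as a proxy might log them (not real traffic).
REQUESTS = [
    ("r1", "GET /search?q=linux+distro HTTP/1.1"),
    # SQL in the clear in a form body: the naive signature sees this one.
    ("r2", "POST /login HTTP/1.1 body=user=admin&pass=1' OR 1=1 --"),
    # Same payload base64-wrapped by client-side JS into a JSON field
    # ("MScgT1IgMT0xIC0t" decodes to "1' OR 1=1 --").
    ("r3", 'POST /api/collect HTTP/1.1 body={"p":"MScgT1IgMT0xIC0t","v":2}'),
    # Same payload percent-encoded in a query string.
    ("r4", "GET /item?id=1%27+OR+1%3D1+-- HTTP/1.1"),
    # Two layers: percent-encoded, then base64-wrapped (built here for clarity).
    ("r5", "POST /api/collect HTTP/1.1 body="
           + base64.b64encode(b"id=1%27+OR+1%3D1+--").decode("ascii")),
]

if __name__ == "__main__":
    print("in the clear only:", scan(REQUESTS))               # ['r2']
    print("after unwrapping:  ", scan(REQUESTS, unwrap=True))  # ['r2', 'r3', 'r4', 'r5']
```

Run as-is, the raw signature flags only the request with SQL in the clear; peeling percent- and base64-encoding layers before matching catches the other three, including the doubly wrapped one. That is the practical argument for inline inspection that decodes content before matching, with a depth bound so the decoding attempts stay cheap on ordinary traffic.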
On 2/20/07, Michael Miller <mike.mikemiller at gmail.com> wrote:
>
> Ya, you're right Ben, I should have posted an example or two.
>
> http://blogs.securiteam.com/index.php/archives/734
> http://www.gnucitizen.org/blog/google-search-api-worms
>
> I know there is a lot of hype out there about this. Some of this is
> just theory and some of it is or will be fact when someone releases
> another banner ad worm.
>
> -Miller
>
> On 2/20/07, Ben Barrett <stircrazyben at gmail.com> wrote:
> > Are you asking if we know that AJAX can do things that we should
> > consider scary?
> > (I think I agree... but...) How about giving a few examples of why we
> > should be so scared? There are a LOT of folks who won't disable JS since
> > it "breaks the web" almost as much (in their opinion) as unplugging
> > network cables!
> >
> > thanks,
> >
> > ben
> >
> >
> >
> > On 2/20/07, Michael Miller <mike.mikemiller at gmail.com> wrote:
> > > Real-time scanning is overrated in my book. The only time you need
> > > to scan items in real time is when you're receiving e-mail. If you turn
> > > off ActiveX and JavaScript (if you can), you should be fine. It's
> > > really scary what we can do with AJAX and JavaScript in the web
> > > browser. I'm sure most of you, if not all, know this. If you can do
> > > some inline scanning with your web traffic, that is even better. I'm
> > > thinking about setting up Squid to use ClamAV to scan the banner ads
> > > along with everything else, looking for malware and/or malicious
> > > content.
> > >
> > > -Miller
> > >
> > > On 2/16/07, Elijah Buck <elijah.buck at gmail.com> wrote:
> > > > FYI,
> > > >
> > > > clamav doesn't have a real-time scanner (that is, it only scans when
> > > > you schedule it to scan).
> > > >
> > > > On 2/14/07, erock23175 at aol.com <erock23175 at aol.com> wrote:
> > > > >
> > > > >
> > > > > Just out of curiosity, how does AVG size up against Clam AV?
> > > > >
> > > > > -E
> > > >
> > > > _______________________________________________
> > > > EUGLUG mailing list
> > > > euglug at euglug.org
> > > > http://www.euglug.org/mailman/listinfo/euglug