01-08-07

so you wanted to be a smart ass, security researcher

Some security researchers want to be the smartest guy on the block and show off the tools that they are working on or developing. Instead they should just keep them behind locked doors, keep them secret and use them to secure their clients or networks. This is even more the case if those tools are on the borderline between security research and attack tools.

 

http://portal.spidynamics.com/blogs/spilabs/archive/2007/... They had developed a tool that uses JavaScript (which you can place in any website) to scan the PCs of the visitors for security holes. They wanted to show it off at a security conference, but someone in the audience found the download link between the slides and copied it, and then it found its way onto the internet. It does not seem to be complete, but it seems complete enough that it could be used - if the non-released part is added - to collect information about the network behind the firewall from which the user is surfing. This is the latest attack vector and could be coupled with a new kind of malware that installs a reverse proxy on an infected computer behind a firewall, so that the attacker can reconnect to the machine and try to find other machines. The infection of PCs behind a network firewall is just beginning to get media attention and it won't get better.

 

This is the presentation of JIKTO

These are links to the code: http://busin3ss.name/jikto-in-the-wild (at your own risk - only for security researchers on their own domain). It is not complete.

12:57 Posted by technology changes fast not a lot in General
