Cache Servers Keeping Exploit Code Alive
1960's architecture writes, "At last some evidence that exploit code is hiding on servers used to cache website content. According to Techworld, Israeli outfit Finjan has come up with evidence that real exploits have hidden on cache servers used by large search engines, effectively extending their life for periods of weeks after the original website had been taken down. The exploits detailed are from 2003-2004, but the principle would still apply to any exploit website around today, and any cache servers used by any one of the three unnamed search engines. It's almost literally malware 'life after death.'"
Re: (Score:2)
Because that's what you do with bits of history that you don't like.
Or you can take the easy way out and just revise it.
So let me get this straight (Score:3, Insightful)
Bravo! Bravo! Revolutionary thought!
Yes, and so what? Haven't you patched?! (Score:2)
Re: (Score:2)
For a specific example, I use Squid + ClamAV both at work and at a number of client sites for which I provide sysadmin support; every so often, the scan of the Squid cache files finds an exploit being cached, and I can look that specific file up against the Squid logs, and identify which client machine was responsible for accessing the malware.
The next steps are to check the client machine and see whether it h
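The log lookup described in the comment above, sketched as an added example (not the commenter's own script). It assumes the URL of the object flagged by the scanner has already been recovered from the cache file and that Squid writes its native `access.log` format; the log lines, addresses and hostnames are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1157689312.049   5006 10.0.0.21 TCP_MISS/200 19763 GET http://files.example.test/page.html - DIRECT/192.0.2.10 text/html
1157689400.310     12 10.0.0.34 TCP_HIT/200 19763 GET http://files.example.test/page.html - NONE/- text/html
1157689455.902    230 10.0.0.21 TCP_MISS/200 512 GET http://intranet.example.test/ - DIRECT/192.0.2.20 text/html
1157775812.500      9 10.0.0.34 TCP_MEM_HIT/200 19763 GET http://files.example.test/page.html - NONE/- text/html
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<action>[A-Z_]+)/(?P<status>\d{3})"
    r"\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)\s")

def clients_for_url(log_text, flagged_url):
    """Map each client that requested flagged_url to first/last time and counts."""
    hits = defaultdict(lambda: {"first": None, "last": None,
                                "origin_fetch": 0, "served_from_cache": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["url"] != flagged_url:
            continue  # unparseable line or a different object
        when = datetime.fromtimestamp(float(m["ts"]), tz=timezone.utc)
        rec = hits[m["client"]]
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
        # Actions containing HIT mean Squid answered from its own cache, so the
        # client received the object even if the origin site was already gone.
        key = "served_from_cache" if "HIT" in m["action"] else "origin_fetch"
        rec[key] += 1
    return dict(hits)

if __name__ == "__main__":
    flagged = "http://files.example.test/page.html"  # constructed URL
    for client, rec in sorted(clients_for_url(SAMPLE_LOG, flagged).items()):
        print(client, rec["first"].isoformat(), rec["last"].isoformat(),
              "origin:", rec["origin_fetch"], "cache:", rec["served_from_cache"])
```

Clients that appear only with cache hits are the ones the cached copy reached after the first fetch, which is the case the story is about.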
on with the slashdot mantra (Score:3, Funny)
Re: (Score:3, Interesting)
Results 1 - 10 of about 25
site:slashdot.org "i for one welcome our new" overlords
Results 1 - 10 of about 1,270
Still seems really low...
Re: (Score:1, Funny)
site:digg.com "i for one welcome our new" overlords
Results 1 - 10 of about 1,290
Re: (Score:2)
site: slashdot.org "in soviet russia"
Results 1 - 10 of about 3,450 from slashdot.org
Taking down? (Score:1)
What's the use of relying on a site being taken down?
You should patch your software in any case, otherwise the exploit still works if it is put somewhere else.
Security through censorship. Wonderful. (Score:5, Insightful)
That's what's really frightening; that there are exploits that have been in the wild and in the hands of the black hats for three years, which still have not been patched.
Those "exploit sites" are not the enemy here. If anything, they're a powerful tool that lets the 'good guys' be on equal footing, or near equal footing, with the bad guys, who are probably trading exploits around in IRC channels regardless of whether they're on the WWW or cached or not.
Re: (Score:2)
IMO there is a big difference between posting information and posting exploits. If I write a convenient tool to hack something, then publish it for script kiddies everywhere, does that improve or reduce security for everyone?
If I discover a new way of breaking into a car and tell everyone, isn't that different than selling the tools to do so?
I agree that spreading the information is valuable. I don't believe that spreading the cracks to use sai
What about e-muggers? (Score:2, Funny)
How about fixing the problem instead? (Score:4, Insightful)
More needs to be done (Score:3, Funny)
gimme a break, a cache is a cache, it's supposed to have old information, even if that information is wrong, or destructive.
Re: (Score:2)
Luckily even the 15-year-old 386 I was using as a go-between recognized Michelangelo
Great, I have viruses old enough to drive now.....
news to me (Score:1)
why on earth would something get cached if it is malware infected/contains exploits without being cleaned at some future time when said malware or exploits are discovered?
i know the caching is an automated process, but the caches themselves aren't scanned for malware/code exploits like the live sites?
Re:news to me (Score:4, Funny)
Re: (Score:1, Funny)
Ours are. We have an army of pixies and an ostrich called Sam who painstakingly audit and review everything we store on our web caches. We chose pixies because they're quite small and we can pack them tightly to get the density up. Real world IT solutions rarely scale up to enterprise performance without squashing a few little folk and sometimes it can be fun to squash a few an
Re: (Score:1)
that's three hyphens out of the last 26 characters i typed. not bad.
Fun with /.'s helpful link host's name feature (Score:3, Interesting)
Yahoo's cache can be addressed at rds.yahoo.com (compared to Google's cache, which uses IP addresses with no associated hostnames). Thus, all the various message boards that use the slashdot style of putting the domain name of the host will show yahoo.com even if it might be serving up an IE exploit that was hosted at mynastystuff.ru, increasing chances of click through. MSN uses a resolvable name for their cache as well, but it's at least identifiable as msncache.com rather than just msn.com.
more fun with /. and google (Score:2)
Obligatory... (Score:1)
Just us trojans invisibly taking over your system.
1994 called, they want their Hugo Winner back (Score:1, Offtopic)
OMG!!! Exploits from 2003-2004!!! (Score:1)
Isn't the idea to fix the exploit? (Score:2)
I thought that if an exploit was discovered, systems that could be infected were patched, rather than worrying too much about the virus itself staying in the wild.
Sure, a lot of caches can keep very old content (the Wayback Machine www.archive.org would be a good example). But spread infection is mainly prevented by immunising systems, not by removing all known traces of the virus / trojan / etc. Bacteria and viruses can live in harsh conditions (relative to those that they require to thrive) but immunisat
Easy solution for future exploits (Score:2, Insightful)
<META NAME="msnbot" CONTENT="noarchive">
Done.
Hilariously Stupid Article (Score:2)
Yeah, if you're running your vulnerable server code out of the same cache. ;-)
That's because removing the content doesn't combat the threat at all. Fixing the bugs that allow malicious code to work is the only way to combat the threat.
It is useless to try to put genies back into
Once it's on the web, it will always be available (Score:2)
A kid may write on their Xanga about how drunk they got Thursday night, then decide to take it down Saturday, but it's always possible a future employer could come up with it anyway. Likewise, developers should assume that any exploits that have ever be
Re:Once its on the web, it will always be availabl (Score:2)
My former boss said back in 1997, "Whenever you put up a web page, you've just joined the PR department." A reasonable corollary might be, "Whenever you put up a web page, you've just created a PR department for yourself." Think about it.
Wayback machine (Score:1)
It's kinda like Polio and Malaria... (Score:5, Insightful)
The human race took two different solutions to polio and malaria. (I'm not a doctor, so forgive any minor inaccuracies.)
With malaria, we took the "stamp out the viral archive" approach. We tried to kill the carriers - the mosquitos. If we can eliminate all the mosquitos that carry the infection (like eliminating old internet caches), nobody will have to worry about getting infected. Well, guess what - it didn't work. Malaria is a HUGE problem in many third-world countries, routinely killing a million Africans a year and costing $12 BILLION annually in Africa alone (see last week's WashPost Magazine article for details; registration required: http://www.washingtonpost.com/wp-dyn/content/arti
With polio, we took the approach that preventing infection was the key. We inoculated EVERYONE, so that even if the virus surfaced, it wouldn't cause infections. It's proven to be a largely effective solution, with only a few periodic pockets of infection occurring in remote parts of Africa where the youngest are not inoculated afresh. And that problem is fairly easy to control.
Same thing here. Forget the archives. That's naive. Instead, focus on better immunity.
Re: (Score:2)
And to say that people have just started trying to create inoculations against malaria is a truly stupid statement.
Re: (Score:2)
Next, can you explain how emphasizing condom use instead of just giving everyone an AIDS vaccine shows that doctors today are incredibly stupid?
Snooze (Score:2)
Hell, google.com cache pages are great for shit like this.
Almost literally? (Score:5, Funny)
But is it almost literally, or literally almost? What would make it true life after death? (Literally)
Re: (Score:2)
If the 'fixed' page reverted to the malwared page 3 days after being nailed to the cross^W^W^W^Wcached
/ducks
Old exploits... (Score:2)
"Old (xxploits) never die, they only (hid) away (in proxy cache...)"
Whatever happened to what they used to do... (Score:1)
Like Joe Rogan said (Score:5, Funny)
Why not just patch the vulnerabilities? If publishers would fix their shortcomings then it wouldn't be an issue.
LK
ummm... (Score:2)