
Comment Re:Blackhole (Score 5, Informative) 49

Symantec says that Blackhole affects "various Windows platforms". Does Cryptome run on Windows?

Whether or not Cryptome runs on Windows is not for me to say; however, I do believe that Cryptome was compromised and made to distribute the Blackhole exploit. The following is found on TFA:

Although I'm not a full-fledged security researcher, I could shed some light on the script that you found on your server. The basic program flow goes like this when a client loads the script (in your case every time anyone visits one of your pages):

  • the client IP address is compared against a list (net_match(...)) and if it falls within the range of the list it is in scope
  • the client OS is determined and if it is a Windows machine, it is in scope
  • the client browser is determined and if it is Internet Explorer (6.0 until 8.0) it is in scope
  • if the client is in scope (i.e. all three of the previous are true), a file is created on your webserver (empty text file), the filename is the IP address of the client (probably for later retrieval)
  • an iFrame is loaded in the browser of the client that will be impossible to see (width and height of 1 pixel) and that iframe points to the webpage of 'http://65.75.137.243/Home/index.php'

After step 5 the browser is probably under attack, and it will probably be a successful attack since the attacker knows the client to be a Windows machine running an Internet Explorer browser. My guess would be that the client is now infected and part of a botnet to be used in other attacks. The IP address of the attacker is a webserver for the domain http://absolutely-free-meeting.com/. I'm not sure they have anything to do with this attack; probably they are a compromised server, like your webserver was compromised. The WHOIS information for this domain is registered by GoDaddy and I include their data and the registrant's data below. It would be best to contact both so that they can clean up their server also.

Conclusion:

  • your webserver was compromised and a file was uploaded (the attacking script)
  • the attacker was only interested in certain IP addresses (probably only a certain location)
  • the clients that are infected are infected from another web server (no idea why since that attack script could have been put on your webserver also)

PS: I tried to format that as best I could but slashdot was having none of it
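A defender-side check for the two artifacts the quoted analysis describes, added here as an example and not part of the comment or of TFA: it walks a web root looking for empty files named after an IPv4 address and for iframes whose width and height are at most one pixel. The function names, the file extensions scanned and the sample web root (built from documentation-range addresses) are assumptions made for the illustration.

```python
import ipaddress
import os
import re
import tempfile

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""\b(width|height|src)\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

def is_ipv4_name(name):
    """True if a file name is exactly a dotted-quad IPv4 address."""
    try:
        return isinstance(ipaddress.ip_address(name), ipaddress.IPv4Address)
    except ValueError:
        return False

def hidden_iframes(text):
    """Return src values of iframes whose width and height are both <= 1 pixel."""
    hits = []
    for tag in IFRAME_RE.findall(text):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        dims = [attrs.get("width", ""), attrs.get("height", "")]
        if all(re.fullmatch(r"[01](px)?", d, re.IGNORECASE) for d in dims):
            hits.append(attrs.get("src", ""))
    return hits

def scan_webroot(root):
    """Walk a document root; report empty IP-named files and hidden iframes."""
    markers, iframes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_ipv4_name(name) and os.path.getsize(path) == 0:
                markers.append(name)
            elif name.lower().endswith((".php", ".html", ".htm", ".js")):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    iframes += [(name, src) for src in hidden_iframes(fh.read())]
    return sorted(markers), sorted(iframes)

def demo():
    """Build a constructed web root (documentation-range addresses) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "203.0.113.7"), "w").close()   # empty marker file
        with open(os.path.join(root, "1.2.3.4"), "w") as fh:    # IP-named but not empty
            fh.write("notes")
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write('<iframe src="http://198.51.100.9/x.php" width="1" height="1"></iframe>'
                     '<iframe src="/ok.html" width="600" height="400"></iframe>')
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Iframes hidden through CSS rather than width and height attributes are outside what this heuristic catches.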

Comment Re:Inevitable. (Score 1) 511

True enough. There are many advanced features you find in NoScript but not NotScripts, and I can see how one would miss them. But if all you're looking for is to block flash and ad network/tracking scripts, it gets the job done.

It mostly gets the job done. The inline javascript is huge. On the developer's own site he admits he cannot currently block inline javascript. Which means a simple <script>while(1){alert('trolololol')}</script> would defeat it. I know Chrome detects this and will not allow an infinite number of alerts, but my point is inline scripting is used a lot and NotScripts cannot protect against that.

Comment Re:Inevitable. (Score 1) 511

See my post above, I've used NoScript, I use NotScripts on Chrome now, and I don't miss any functionality.

While an average user might not miss any functionality with NotScripts, the overwhelming truth is that there are limitations to what NotScripts can do with the limited Chrome API. Let me list some features I use daily:

  • Clickjacking protection
  • inline script blocking
  • Script Surrogates
  • XSS Filtering
  • Application Boundary Enforcement
  • HTTPS Enforcement
  • Secure Cookie Enforcement

I could go on, but let's discuss ABE for a moment. Singularly the most awesome part of NoScript. Let's say you allow Facebook.com scripts to run since you have a Facebook account. Now let's say you allow slashdot.org scripts to run because you are a masochist. Facebook inclusions will run on slashdot.org because you trust both Facebook and Slashdot. But not with ABE:
# Facebook XSS
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION

I could still go on, but you get the point, right?
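A simplified model of how the ABE rule in the comment above sorts requests, added here as an example and not taken from the comment or from NoScript's code. It assumes the first matching predicate of a matching Site rule decides the request, models only the INCLUSION pseudo-method, and uses hypothetical function names.

```python
# The rule as posted in the comment.
RULE = """\
# Facebook XSS
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION
"""

def host_matches(pattern, host):
    """ABE-style host pattern: '.example.com' covers the domain and its subdomains."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def parse_rules(text):
    """Parse 'Site ...' headers followed by 'Action [METHODS] [from origins]' lines."""
    rules = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not words:
            continue
        if words[0] == "Site":
            rules.append({"sites": words[1:], "predicates": []})
        elif rules:
            end = words.index("from") if "from" in words else len(words)
            origins = words[end + 1:] if "from" in words else None
            rules[-1]["predicates"].append(
                {"action": words[0], "methods": words[1:end], "origins": origins})
    return rules

def decide(rules, dest, origin, inclusion):
    """Return the action for a request to `dest` issued by a page on `origin`."""
    for rule in rules:
        if not any(host_matches(p, dest) for p in rule["sites"]):
            continue
        for pred in rule["predicates"]:
            # Assumption: only the INCLUSION pseudo-method is modelled here.
            if pred["methods"] and not ("INCLUSION" in pred["methods"] and inclusion):
                continue
            if pred["origins"] is not None and not any(
                    host_matches(p, origin) for p in pred["origins"]):
                continue
            return pred["action"]
    return "Accept"  # nothing matched: this model leaves the request alone

if __name__ == "__main__":
    rules = parse_rules(RULE)
    print(decide(rules, "static.fbcdn.net", "slashdot.org", inclusion=True))
    print(decide(rules, "www.facebook.com", "www.facebook.com", inclusion=True))
```

Under this model a Facebook script or frame embedded in a slashdot.org page is denied, while the same resource loaded from a Facebook page, or a plain link click from Slashdot to Facebook, is accepted.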


Submission + - Who Owns Your Social Identity? (ieee.org) 1

wjousts writes: Who actually owns your username on a website? What rights do you have to use it? What happens if they decide to take it away? IEEE Spectrum reports:

What happens if Facebook or Twitter or, say, your blog hosting service, makes you take a different user name? Sound impossible? It’s happened. Last week, a software researcher named Danah Boyd woke up to find her entire blog had disappeared, and in fact, had been renamed, because her hosting service had given her blog’s name to someone else.

And as important as they are, what protects our accounts are the terms of service agreements. If you read them—and who does?—you’d learn, probably to no surprise, that they protect the provider a lot more than they protect you.

