
<<< 12Oz Computer Tech Support SuperThread >>>


Mainter


Re: <<< 12Oz Computer Tech Support >>>

 

old but still a good reason to get firefox

 

Myspace Worm (Thank You Internet Explorer)

 

With the advent of social networking sites, becoming more popular is as easy as crafting a few lines of JavaScript code, it seems.

 

One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.

 

How did Samy transcend his humble beginnings of only 73 friends to become a veritable global celebrity? The answer is a combination of XSS tricks and lax security in certain Web browsers.


First, by examining the restrictions put into place by MySpace, Samy discovered how to insert raw HTML into his user profile page. But MySpace stripped out the word "javascript" from any text, which would be needed to execute code.

 

With the help of Internet Explorer, Samy was able to break the word JavaScript into two lines and place script code within a Cascading Style Sheet tag.

 

The next step was to simply instruct the Web browser to load a MySpace URL that would automatically invite Samy as a friend, and later add him as a "hero" to the visitor's own profile page. To do this without a user's knowledge, the code utilized XMLHttpRequest - a JavaScript object used in AJAX, or Web 2.0, applications such as Google Maps.

 

Taking the hack even further, Samy realized that he could simply insert the entire script into the visiting user's profile, creating a replicating worm. "So if 5 people viewed my profile, that's 5 new friends. If 5 people viewed each of their profiles, that's 25 more new friends," Samy explained.

 

It didn't take long for friend requests to start rolling in - first in the hundreds, then thousands. By 9:30pm that night, requests topped one million and continued arriving at a rate of 1,000 every few seconds. Less than an hour later, MySpace was taken offline while the worm was removed from all user profiles.

 

Samy says his intentions weren't malicious, but expressed concern that MySpace, which was purchased by News Corp. in July for $580 million, wouldn't see it that way. Company officials have not contacted him, but his account was deleted.

 

"My primary motivation was to make people laugh. I wanted a few friends to have my name appended to their list of heroes, including some of their own friends whom I don't know directly," Samy told BetaNews in an e-mail interview. "Me, a hero? That had to be the funniest joke people have heard in a while. Well, a lot more people heard it than I had really wanted."

 

Still, aside from remnant "samy is my hero" text strewn across the Internet's fifth largest Web site, the end result could end up positive.

 

The worm has piqued the interest of a number of security professionals who say XSS is a major problem that many companies overlook. Google employee Evan Martin even broke down the worm's AJAX code on his personal Web log.

 

"Found in over 90 percent of Web sites, Cross-Site Scripting vulnerabilities are by far the most common security issue," Jeremiah Grossman, co-founder and CTO of WhiteHat Security, told BetaNews. "The incident with MySpace illustrates the dangers presented by XSS vulnerabilities and underscores the importance for organizations to fix these issues."

 

"Those who do not, especially the on-line financial institutions and community Web sites, are prime targets," added Grossman. But Samy noted that MySpace isn't the only party to blame for the vulnerability, stating that browser makers also need to do a better job with security.

 

"MySpace has always properly filtered out valid JavaScript indications," Samy said, "however it was due to browser leniencies that allowed me to still get JavaScript to execute."

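As an added illustration of the filtering point in the post above (this is not code from the article, from Samy, or from MySpace): a naive keyword blacklist of the kind the post describes, beside an allowlist sanitizer that drops every tag it does not explicitly permit and escapes all remaining text. The tag set and sample inputs are constructed for the example.

```python
# Added example (not MySpace's code): keyword blacklist vs. allowlist sanitizer
# for user-supplied profile HTML. Sample inputs are constructed.
import html
import re
from html.parser import HTMLParser

def blacklist_filter(profile_html: str) -> str:
    """Naive: delete the literal word 'javascript'. A spelling that is not
    contiguous (the post mentions it split across two lines) never matches."""
    return re.sub("javascript", "", profile_html, flags=re.IGNORECASE)

class AllowlistSanitizer(HTMLParser):
    """Rebuild the input keeping only a fixed set of harmless, attribute-free
    tags; every other tag is dropped (script/style with their whole body) and
    all text is HTML-escaped on the way out, so no new markup can form."""
    SAFE_TAGS = {"b", "i", "p", "br"}
    DROP_WITH_BODY = {"script", "style"}

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.skip_depth = 0  # > 0 while inside a script/style element

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP_WITH_BODY:
            self.skip_depth += 1
        elif tag in self.SAFE_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attributes deliberately discarded

    def handle_startendtag(self, tag, attrs):
        if tag in self.SAFE_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # <br/> becomes <br>, no end tag

    def handle_endtag(self, tag):
        if tag in self.DROP_WITH_BODY:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in self.SAFE_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=True))

def allowlist_sanitize(profile_html: str) -> str:
    """Return profile_html reduced to allowlisted tags and escaped text."""
    parser = AllowlistSanitizer()
    parser.feed(profile_html)
    parser.close()
    return "".join(parser.out)
```

The blacklist only matches the contiguous word, so a variant that does not spell it in one piece survives the filter, while the allowlist route never lets an unapproved tag or any attribute through regardless of spelling.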

Re: <<< 12Oz Computer Tech Support >>>

 

PC Support

Get all your Windows, Hardware, Networking, and software support questions answered here

 

PC Tips and Tricks, Modding

 

Linux/Unix Support

Get all your Linux/Unix questions answered here

 

Linux/Unix Tips and Tricks

 

Mac Support

Get all your mac questions answered here

 

Mac Tips and Tricks

 

Electronics

Get all your questions on MP3 players, digital cameras, digital video cameras, TVs, etc. answered here

 

hey, for the viewers: what the hell do you want to see posted here? add yer comments

 

What Do You Want To See Here


Re: <<< 12Oz Computer Tech Support >>>

 

Network Utilities from Bindshell

 

http://www.bindshell.net hosts some nice networking and other tools, take a look at:

 

* synscan - A very quick half-open portscanner with optional multithreaded protocol specific probing tool.

 

* ipsort - takes input from standard in, a file or a list of files and sorts the IP addresses.

 

* rfidtool - is a Linux command line tool for editing RFID tags. Functionality includes reading, writing, saving, loading and erasing. It currently supports ACG's PCMCIA/CF Multi-Tag Readers.

 

* massresolve - This program performs reverse DNS lookups for network blocks or an input file and supports multithreading.

 

* kismet-parse - kismet-parse is a small Perl script for parsing Kismet network files. It displays information relating to the MAC addresses of the discovered access points and clients.


Re: <<< 12Oz Computer Tech Support >>>

 

Microsoft Bets Business On Linux

 

The next time Bill Gates sends an e-mail through Microsoft's shiny new Wireless LAN it will be passed through a behind-the-scenes Linux-based network appliance.


Earlier this year Microsoft and Aruba Networks jointly announced the two companies will work to replace Microsoft's existing Cisco wireless network with Aruba's centrally-managed infrastructure, which eliminates the need for individual changes on the access points.


Re: <<< 12Oz Computer Tech Support >>>

 

mainter: got any good resources for setting QoS in the wrt54g running hyperwrt?

i need to set up a vonage line again and make sure it gets bandwidth priority only when a call comes in or goes out.

 

found a few tutorials, but they were awfully written


Re: <<< 12Oz Computer Tech Support >>>

 

nah, i hate linksys.

 

ahh, i'll do that mac addy QoS setup. seems easy enough.

i know this hyperwrt has a lot of options i haven't even explored yet...

ugh.

 

thanks, though. that helps me make my mind up about what i'll do

temporarily or permanently. i'unno


Re: <<< 12Oz Computer Tech Support >>>

 

Why isn't there mouse-flavored cat food?

hmm. cats, like dogs, probably go on texture more so than taste.

i do know that the colors are only for us. cats and dogs don't care about color of food.

eukanuba has it right. iams, too.
