[SGVLUG] you're exploited!
matti
mathew_2000 at yahoo.com
Mon Jul 2 17:01:24 PDT 2007
> > http://podcast-files.cnet.com/podcast/SecurityBites0622.mp3
> Maybe I missed something (as is generally the case), but the issues
> they're discussing (XSS, web-based spyware, keystroke logging,
> various
> 'new' attack vectors, etc) are nothing new.
well, it's not a new attack vector.. it's just that
it is now more popular.
here's the summary for those too busy to listen...
1) hijack websites, or add comments to pages
which include cross site scripting attacks.
2) Provide a custom exploit depending on the
version of OS/browser/plugins(and DLLs) ...
3) "key log" - well actually "post log".. that
is log all info from web page post submissions
(typically what you have in website login pages.)
as Sean notices.. there are a LOT of developers
out there who either do not know security well
enough, or do not have time to watch for all
the insecurity issues.
many of these attacks are coming from Russia..
matti
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/
More information about the SGVLUG
mailing list