DefCon 17 talk video of my talk
Posts Tagged ‘technical’
Blocking legitimate sites in real-time
I Ran into this on Slashdot: http://tech.slashdot.org/tech/08/09/21/1827209.shtml. It seems like the Google filter for malicious sites was blocking a whole domain name – including all sub-domains, which happened to be a dynamic DNS provider. A Big false positive, and a big problem to all the legitimate sites that were hosted using this domain. Disclosure – [...]
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to:
dim tass
Set tass = CreateObject(“CnsHelper.CH”)
If IsObject(tass) then
HasCns = true
else
HasCns = false
end if
or:
function winIE5upPlyrDetect(){
var playerAxObj;
var iectlAxObj;
try{
iectlAxObj = new ActiveXObject(“Shell.Explorer”);
}
catch(e){
}
try{
or:
var fs = new ActiveXObject(“Scripting.FileSystemObject”);
try {
//open file, 8=appends to file, true=will create file if doesn’t already exist
var a = fs.OpenTextFile( fileUri, [...]