No Hope for Browsers


Saumil Shah's presentation "Pwnage 2.0 - How to Own the World" at the Hack in the Box Conference in Dubai was certainly a prelude to this week's Gumblar explosion. One born every minute:

• IE XML
• MS02-009
• Safari and Quicktime
• IE8, FF3.1, Safari 4 - all pwned at Cansecwest
• Core browser components
• Plugins

Mass SQL Injection
• XSS
• SPAM

Remote control utilities
• Botnet clients
• Keyloggers, screenshotters, etc
• Toolbars, browser plugins
• Obfuscation
• Javascript encoding, encryption
• No hope for AV

Hack in the Box Conference Materials

Bruce Schneier's book Secrets and Lies clearly points out the complexities with the browser framework.

Unmasked Parasites blog post about Gumblar

JSRedir-R

Unmasked Parasites blog posts 12 facts about the Gumblar injection scripts

Stat Blog Q&A on Gumblar

© 2010 netForensics, Inc