Browser exploit tests & alternative defenses

Re: Browser exploit tests & alternative defenses

Referrer blocking blocks only the referrer. But since when did Maxthon have that?

 

Re: Browser exploit tests & alternative defenses

Hi,

It could be in one of the next versions, Maxthon rules!!! Did you know that it actually fixed a unpatched hole in IE?

 

Re: Browser exploit tests & alternative defenses

Be very careful with Ad-muncher in (MYIE2) now Maxthon as it does 'call home'

I tried MYIE2 for a short time and quite liked it but as it is base on IE 5.01 what will happen when SP2 is released and requires IE6 for the full function of the gold bar and security settings?

 

Re: Browser exploit tests & alternative defenses

Peakaboo,

Version 4.13 Released:

http://www.kye-u.com/proxo/forums/index.php?showtopic=131&st=0#



-Added (OnUnload Unloader [Scott L.])

-Added (IE: "Shell" Cross Zone Exploit [Kye-U])
http://www.securityfocus.com/bid/9628/info/

-Modified (IE: showHelp() Exploit [Kye-U])
--Added ClassID, renamed to include giver of information, Siamesecat

-Modified (Prevent file access [Siamesecat])
--Made it match with IMG tags
--Fixed false positive

-Removed (IE: Expose Local Files Exploit [Kye-U])

-Removed (IE: Local Zone Access Exploit [Kye-U])

-Removed (IE: Meta Tag Foreign Domain Exploit [Kye-U])

-Removed (Opera: Address Bar Spoofing Exploit [Kye-U])

 

Re: Browser exploit tests & alternative defenses

Amazing... my firefox browser version 0.9.2 defeated all the vulnerabilities!

 

Re: Browser exploit tests & alternative defenses

One of the most important things you can do to improve your security is use an alternative browser.

After switching it is important to keep your browser version updated as no software is perfect, it is just a matter of time before someone finds the holes.

That said Firefox and others like Opera, Kmeleon etc appear to place a high priority on providing a secure product as the gif below indicates the holes are there but they are few, and if you are on beta 0.9.2 you should be clear on all known vulnerabilities to date (same for Opera 7.53).

Post #59 shows additional steps you can take to be more secure on the net.

 

Re: Browser exploit tests & alternative defenses

^^^

Exactly, with all this focus on IE you will almost forget that Mozilla and Opera have security issues too. At the moment I browse sites that use javascript only with Opera, but I haven't patched that in a while LOL.

 

Re: Browser exploit tests & alternative defenses

By using IE 6 Sp1....which is ALL my defenses....IE passed with flying colors.

 

Re: Browser exploit tests & alternative defenses

Bubba, glad to hear you did well with IE 6 Sp1.

For most the recommended solution to browser exploits is a combination of moving to an alternate browser and additional layered defenses. See post #59 page 3.

As noted in post #74 the 30 exploits + browser test become a reference point only test base for the poll, to show the impact of using old unpatched IE versions of the past. If M$ improves their track record going forward, you will see fewer IE exploits on a relative bases listed in the alpha exploits. The alpha exploits are where I add the new exploits going forward from 4/3/04.

Note also that according to the test info descriptions, IE 6 SP1 is vulnerable to at least the following 2 listed alpha exploits:

Microsoft Internet Explorer Popup.show Mouse Event Hijacking Vulnerability

Microsoft Internet Explorer JavaScript Desktop Spoofing Vulnerability

Post #17 page 1 has the links to get you to more data on the above 2 alpha exploits.

 

Re: Browser exploit tests & alternative defenses

Very much agree that IE is NOT a browser for the masses to use because in order to use IE securely one needs to understand it's capabilities....something most users, much less the masses, have any desire of doing. As for a layered defense....that is a given if one is to stay secure when browsing today's World Wide Web.

Actually....IE 6 SP1 is exploitable with most ALL those above mentioned vulnerabilities....BUT....with a properly secured IE it's worse than watching paint dry


One of the things that bothers me most is the move to alternate browsers without at least attempting to learn the capabilities of IE. Hopefully I'm wrong....but now the evil doers are probably burning the midnight oil finding holes in these alternate browsers of users that are still clueless when it comes to securing their Internet travels. While some of these alternate browsers will indeed offer better protection for some....a little knowledge is still needed or they will be right back where they were....Not practicing safe Hex.

 

Re: Browser exploit tests & alternative defenses

I have keep-all-software-up-to-date policy for my computer, which means all the software on my computer is always up-to-date.
​

 

Re: Browser exploit tests & alternative defenses

A bit OT: I've heard that the filters that Kye-U provides don't really help against all these IE exploits, what's up with that?

 

Re: Browser exploit tests & alternative defenses

Rasheed,

Can you be a little more specific, which exploits do the filters not work against? Did you just hear this or did you experience this? If you heard it and you have a link post it.

I'm sure Kye is open to any positive suggestions for improving his filters.

Also as you are aware proxo was never intended as a main line defense against IE exploits, a local proxy like proxomitron can be part of a total layered defense.

 

Re: Browser exploit tests & alternative defenses

I'd say it covers most of the more recent ones, for the latest version of IE (5 - 6)

I'm sure that it's better than nothing at all

 

Re: Browser exploit tests & alternative defenses

I'm not sure if it's a good idea to post the link, but I do know that the people who are saying this are no security newbies.

I mean if the filters are not helping to elinimate these security problems, it's a bad thing to give people a sense of false security of course.

So let me get this clear KyeU, you are saying that all the filters you provide will solve the known exploits in IE? Did people test this? Don't get me wrong, I'm not an expert myself, it's obvious you know more about this subject than me, so maybe you can give me some info.

 

My filters will solve most of the recent exploits discovered in IE. I looked at examples of each exploit, and created filters to fix them.

For example, the filter "IE: Javascript Full Screen Exploit [Kye-U]" has this in its matching section:

.show\(*screen.(width|height)*\)

This will detect this code on this site:

Code:

spoofwin.show(screen.width/2-59,screen.height/2-68,250,40)

http://freehost07.websamba.com/greyhats/dlwinspoof.htm

It works by looking specifically for the ".show(screen.width OR height)"

Check for more examples here: http://www.securityfocus.com/bid/3469/exploit/

 

Re: Browser exploit tests & alternative defenses

OK, thanks for the info, it looks good to me, I'm going to have a talk with the folks that were not impressed by your filters.

 

Re: Browser exploit tests & alternative defenses

I just clicked on this poll and got a trojan detected pop up. see screen shot

 

Re: Browser exploit tests & alternative defenses

Don't worry bigc, you can get rid of the trojan completely with TDS-3. Now that's the BEST solution for killing trojans.

 

Re: Browser exploit tests & alternative defenses

Mcafee will delete it if it is set to. I had it set to clean and quarantine. what is interesting is that the popup warning came from this thread on this forum.

bigc

 

Re: Browser exploit tests & alternative defenses

There's enough for all to go around! Part of the test!
Just a trigger BigC.....I think

GF

 

Re: Browser exploit tests & alternative defenses

Must be I don't mind sharing

 

Re: Browser exploit tests & alternative defenses

sorry i have problem understanding this test..........

I did the Broswer test at http://bcheck.scanit.be/bcheck/
And i pass them. Does it mean i don't need to do the 30 test included in the 2nd Post.

Also the alpha Explosit with name suggesting to IE does work in Firefox 1.0 as well, namely number 2 which crash my system.....

 

Re: Browser exploit tests & alternative defenses

You have answered your own question, a vulnerability in your security was exploited that crashed your computer. Thus in certain area's of the internet you are wide open to being attacked... Answers to how to stop such exploits can be found from post number 59 onwards.

Hope this helps…

Cheers

 

Re: Browser exploit tests & alternative defenses

Blackspear,

1) Perfect response to iwod's Q.

2) Is it just me or are we no longer able to edit prior posts... <== Looks like for older post no editing is possible, but for recent posts you can edit your posts as I am doing to this one.

3) I was going to add the following two exploits as Alpha exploits to post #1, but I see no way to edit now... oh well have fun with the following:

Alpha exploit example E - IE Drag and Drop Vulnerability <== proof of concept

Alpha exploit example F - IE Malformed IFRAME Remote Buffer Overflow Vulnerability

more info on these two here:

http://www.securityfocus.com/bid/11770/discussion/

http://www.securityfocus.com/bid/11515/discussion/

enjoy