Hacker compromised legit Web sites now pose gravest danger

Discussion in 'other security issues & news' started by Hermescomputers, Jan 23, 2008.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,
    You misspelled Mozilla - you wrote Mozzila on that page ...
    Mrk
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    Oh... NO! :eek:

    Will fix it promptly!:)
     
  4. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    No, keep it, Mozzila sounds rather cool...:cool:

    /C.
     
  5. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    i'd like to suggest a revision of the statement.

    legit web sites are usually quite secure and thus poses little threat.

    the real threat comes from legit website who has advertisement on low-security ad servers, serving up banners prepared with payload.

    several examples have surfaced lately where a third party advertisement server has been compromised to serve a javascript iframe injection and the legit banner in another iframe, thus not publicly showing off anything to the user.
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well... While this is true about doctored adds, it doesn't explain why most hostile code injections or calls to executables hosted on "hostile" servers via legetimate sites, come via IFrame's actually embedded into the web pages... These being what they are, require the "Server" to be compromised in some way in order to allow for the code on the page to be modified... Just cruise around hacked sites with Firebug, and see how the sites are compromised. You will be surprised.
     
Loading...
Thread Status:
Not open for further replies.