Kye-U filter

Discussion in 'other security issues & news' started by Mrkvonic, Jun 26, 2005.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,
    I browsed the forum and found only update to version 4.31.
    However, I'm using 4.33 already. Since the Kye-U site went down some weeks ago, I am unable to locate any update to the filter (if there's such one). Does anyone know where the most update cgf download is available (on hopto?)?
    Kye-U's answer would be most appreciated.
    Mrk

    P.S. I LOVE your filters. They killed both recently discovered firefox vulnerabilities. Jolly good job, man!
     
  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Hi Mrkvonic,

    If my server keeps acting like this I just gotta find a new one :)

    I've attached the latest one here (v4.34). School just ended for me so now I have LOTS of time to work on my cfg :)

    Thank you for that little message =) For the latest one here:

    http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

    My latest config changes the <Body OnUnLoad> to <Body UnLoadOff> to prevent the script from running when you click on the link, and it also kills the two javascript functions screen.width and screen.height, possibly messing with the location of the spoofed message box on your screen ^_^

    The good news (for me) is that I just need to make a few updates for my KBSP every now and then, since most exploits are spoofing ones (involving some javascript, <Body Onload> or <Body OnUnLoad>). It's just the Denial of Service exploits I need to worry about :)
     

    Attached Files:

  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks Kye-U, i was trying to find the download yesterday, but the site must have been down.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,
    Thanks a lot mate!
    Just a few side questions: do I keep the configuration set to your default, or should I add more options? For instance, in the very top of web, there's the line securty pack 4.33 (or 4.34). Are these just titles or headers or real options that should be also ticked? Do you recommend other filters, like jd or such?
    Anyhow...
    Superb work! Keep it up!
    Mrk
     
  5. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Oh, that is a header, just ignore that :) (don't tick it)

    Just keep it default, and if you experience a filter that is matching everything (false positives) just email me with the name of the filter and the URL of the site where it's matching (my email address is in the readme). I'm saying to email me because my site is currently down. Normally I would ask you to post in my forums ;)

    I recommend Sidki's configuration pack as JD5000 has not updated his in quite a while. Also, Grypen is doing a wonderful job at keeping JD5000's up to date :)

    Thanks again ;)
     
Loading...
Thread Status:
Not open for further replies.