XSS web attacks could live forever, Google employee warns

Discussion in 'other security issues & news' started by MrBrian, Oct 7, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Solution =

    1 - Don't use HTML5 local storage

    2 - Close your browser often

    3 - Use NoScript

    How many will though ?
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not me, for sure.

    Good article.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Don't forget "re-creating a browser profile", to get away from the infection.
     
  6. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Also apps like Returnil and Shadow Defender would help. Just reboot and everything is gone.
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What if you run OSX or Linux, what value are they then?
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Returnil and Shadow Defender are nice for removing an infection but if you just have your browser hijacked you're still being tracked for the session.
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    How can a user determine if XSS Subversion has hooked into the browser?
    Behavior: The displayed content has changed from the traditional content you are used to.
    Advertising will not be the same because the attacker is pushing their content instead of the traditional content you were previously used to. Adblockers will conceal this alteration from your vision.
    Search results may not be the same as an uninfected browser.

    How can a user determine when and where they become infected by this method?
    View page source?

    In my experience, Firefox design allows for this attack to remain persistently unless the user is aware of how to undo the XSS subversion.
    Chrome, due to a design difference from Firefox, only requires clearing all data from within the tools (from the beginning of time) and closing the browser and restarting.
     
  10. BrandiCandi

    BrandiCandi Guest

    The most effective way to fix XSS is for developers to write better web applications without those vulnerabilities in the first place. I'd also like to win the lottery, not sure which will happen first.
     
  11. BrandiCandi

    BrandiCandi Guest

    I'd say that prevention is much easier than mitigation. Like others said, block scripts and the XSS can't run.
     
Loading...
Thread Status:
Not open for further replies.