funsec mailing list archives

Re: Hackers Focusing on Web 2.0 Sites (plus Comment)

From: Jordan Wiens <numatrix () ufl edu>
Date: Thu, 12 Jul 2007 10:29:21 -0400

On Jul 12, 2007, at 7:00 AM, Dude VanWinkle wrote:

Do you remember the java applet port scanner that was posted to FD a
while ago? If you visited the site, it would load the applet and scan
cia.gov from your IP  address? (kinda like this one:
http://switch.sjsu.edu/v6n2/ztps/, but I dont remember having to click
on "ok" to have the scan kick off..)

Well I am just waiting for some interactive content to allow folks to
load a tiny SMTP server into visiting users JVM's use that to send out
spam..

Could JS be used that way as well?


Not easily:

http://www.mozilla.org/projects/netlib/PortBanning.html
http://kb.mozillazine.org/Network.security.ports.banned.override

I imagine IE has similar restrictions.

Flash or java might have some options, but you have to get aroundtheir security as well:


http://java.sun.com/sfaq/example/port25.html

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Hackers Focusing on Web 2.0 Sites (plus Comment) Paul Ferguson (Jul 11)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Dude VanWinkle (Jul 12)
  - Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Michael Silk (Jul 12)
  - Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Jordan Wiens (Jul 12)