WebApp Sec mailing list archives

Re: applet security connecting to hosts


From: Haroon Meer <haroon () sensepost com>
Date: Thu, 10 Mar 2005 08:42:45 +0200

Hi..

> F Lace wrote:
> First off, can someone explain the security issue if an unsigned
> applet connects to a different host?
> Thanks.

There could be multiple reasons for this but a while back we spent some time writing an applet that _could_ bypass this restriction with the following aims:

[a] While the applet has pretty pictures (or just duke doing hand-flips) moving in the user's browser, the applet is port-scanning hosts on his internal network and sending the results back to our server (by connecting sequentially to ports on the internal host).

[b] Once our applet has scanned and fingerprinted internal hosts, we can also get it to attack internal hosts (all this while the user simply sees moving pictures in his browser).

I guess the threat of an applet that loads in your browser and then attacks "whitehouse.gov" is just as serious..

/mh

======================================================================
Haroon Meer                                                         MH
SensePost Information Security                          +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt     haroon () sensepost com
======================================================================
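
Added example, not part of the original post: seen from the network, the behaviour described in [a] is one workstation connecting to many different ports on a single internal host within a short time. The sketch below flags that pattern in a connection log; the log format, addresses, thresholds and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample connection log: epoch seconds, source, destination, dest port.
# Hypothetical data: 10.0.0.23 is a workstation whose browser is running an applet.
SAMPLE_LOG = """\
1110436965 10.0.0.23 10.0.0.5 21
1110436966 10.0.0.23 10.0.0.5 22
1110436967 10.0.0.23 10.0.0.5 23
1110436968 10.0.0.23 10.0.0.5 25
1110436969 10.0.0.23 10.0.0.5 80
1110436970 10.0.0.23 10.0.0.5 443
1110436971 10.0.0.40 10.0.0.5 80
1110436975 10.0.0.40 10.0.0.5 80
1110436980 10.0.0.40 198.51.100.7 443
"""

# RFC 1918 ranges, treated here as "the internal network" (assumption).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(log):
    """Yield (ts, src, dst, port) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        try:
            ts, src, dst, port = parts
            yield int(ts), src, ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue

def internal_port_sweeps(log, min_ports=5, window=60):
    """Return {(src, dst): sorted ports} for every source that touched at least
    min_ports distinct ports on one internal dst within `window` seconds."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log):
        if any(dst in net for net in INTERNAL):   # only internal targets count
            events[(src, str(dst))].append((ts, port))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):               # sliding time window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(hits.get(key, [])):
                hits[key] = sorted(ports)
    return hits
```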

