The Broken Web

11 PM November 27, 2007

OSDC day 2 kicked off with Rasmus Lerdorf talking about security problems on the web. Highlights so far are:

  • Pointing out that many browser plugins are URL handlers. If you can find a bug in a plugin that handles a URL, then you can compromise users clicking on that kind of link.
  • Live XSS hacking on http://www.liberal.org.au, the conference hotel’s website and a few others
  • The JS-Yamanner worm.
  • IE6 has some interesting problems, including:
    • in UTF-8, it interprets the character 0xE0 as the first byte of a 3 byte sequence. If you can inject an E0 into a data field and get it to redisplay on the browser, the browser will ignore the next two bytes, which may be an attribute close quote.
    • it will run JavaScript source in an image tag: <img src="http://evil.com/hack.js">.
  • Until everyone upgrades their Acrobat plugins, it’s possible to execute arbitrary JavaScript in the context of a site serving a PDF, or even the user’s local machine. The only safe way to serve PDF files is from a domain other than your own.
  • Use crumbs to stop XSRF problems. A crumb is a unique piece of data put into each web form. When the user submits the form, the server should check that the crumb is the one that is expected.
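
One way to issue and check a crumb, as an added example that is not code from the talk: it assumes an HMAC-based design where the crumb is bound to the user's session and to one form and expires after a while. The names make_crumb, check_crumb, SERVER_KEY and CRUMB_LIFETIME are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server-side secret. Generated per process here (assumption); a real
# deployment would load a persistent key shared by all web servers.
SERVER_KEY = secrets.token_bytes(32)
CRUMB_LIFETIME = 3600  # seconds a crumb stays valid (assumed value)


def _mac(session_id: str, form_name: str, issued: int) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (session_id.encode(), form_name.encode(), str(issued).encode())
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def make_crumb(session_id: str, form_name: str, now: Optional[int] = None) -> str:
    """Return the value to place in a hidden field of the form."""
    issued = int(time.time()) if now is None else now
    return f"{issued}:{_mac(session_id, form_name, issued)}"


def check_crumb(crumb: str, session_id: str, form_name: str,
                now: Optional[int] = None) -> bool:
    """Accept the submission only if the crumb is the one expected."""
    now = int(time.time()) if now is None else now
    issued_text, sep, mac = crumb.partition(":")
    if not sep or not (issued_text.isascii() and issued_text.isdigit()):
        return False  # missing or malformed crumb
    issued = int(issued_text)
    if issued > now or now - issued > CRUMB_LIFETIME:
        return False  # issued in the future, or expired
    expected = _mac(session_id, form_name, issued)
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

A page on another site cannot read the form, so it cannot supply a crumb that matches the victim's session, and the forged submission is rejected.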
By alang
(Posted to Software Development)

© 2003-2006 Alan Green