The Broken Web
November 27, 2007
OSDC day 2 kicked off with Rasmus Lerdorf talking about security problems on the web. Highlights so far are:
- Pointing out the that many browser plugins are URL handlers. If you can find a bug in a plugin that handles a URL, then you can compromise users clicking on that kind of link.
- Live XSS hacking on http://www.liberal.org.au, the conference hotel’s website and a few others
- The JS-Yamanner worm.
- IE6 has some interesting problems, including:
- in UTF-8, it interprets the character 0xE0 as the first byte of a 3 byte sequence. If you can inject an E0 into a data field and get it to redisplay on the browser, the browser will ignore the next two bytes, which may be an attribute close quote.
- Use crumbs to stop XSRF problems. A crumb is a unique piece of data put into each web form. When the user submits the form, the server should check that the crumb is the one that is expected.