Hackers claim zero-day flaw in Firefox

ffoxAccording to ZDNet yesterday:

“The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer’s Mac OS X and Linux, they said.”

The full story can be found here and it looks as though the NoScript add-on can help mitigate the effects of the exploit (not a patch…just a workaround).

Getting to Know Netflow

darkAfter I had posted my article on configuring NetFlow export on Cisco devices, various people emailed me asking what, exactly, NetFlow is. It just so happens that Dark Reading has recently published an article on the topic. To explain what NetFlow is:

It is simply the aggregation of packets into “flows” and the reporting of that data. A flow is a collection of packets that can be characterized by source and destination IP addresses and ports, as well as a few more characteristics. The packets in a particular flow are counted and reported to a collector. Cisco and most other routers support NetFlow. NetFlow is used by all the major ISPs and carriers to resolve peering issues and account for whose traffic flows over which network.

Imagine being able to classify all of the traffic on your network into source, destination, and application. You can immediately determine which applications, users, and servers consume the most resources. You may be surprised, as the operators of Internet2 were, to discover that over 90% of your traffic is not business related, for instance. You may find a server that has been infected with a worm for months, spewing packets that eat up valuable bandwidth. You may discover unauthorized Web, gaming, IRC, or Warez servers on your network.

Read the full article here: http://www.darkreading.com/document.asp?doc_id=101496

VML Exploit Caught on Camera

websenseOur friends at Websense have recorded what happens when a workstation visits an infected site exploiting the current VML issue. They did a similar video when the WMF zero-day was released and their workstation was instantly flooded with Spyware applications and pop-ups galore. It was an impressive sight and obvious that they had just visited an infected site.

From the site:

So, we fired up our trusty video capture tools and pointed a VMWare workstation at a random site where our miners had recently discovered an iframe containing a VML exploit.

But…what’s this? Nothing happened, or so it seemed.

We were hoping to capture another onslaught of Spyware, but this malware author had something else in mind. Digging a little further, we discovered that this exploit is being used to install a new variant of a keylogger called Goldun. The attacker doesn’t want you be suspicious, so they have made certain that the infection process is as unobtrusive as possible. You are given no indication that there was anything wrong with the website you just visited.

After we visit the infected site, we log into a PayPal account to show you an example of the information that can be stolen. This keylogger operates by indiscriminately capturing the entire contents of EVERY web form on any page — all data entered into your financial, webmail, and Intranet sites can be captured. We added some commentary to the end of the video to provide a brief explanation of what happens behind the scenes.

The video and posting can be seen here.

Scroll to top