
New attack exploits virtually all intranets, VPNs

Submitted by redsoxh8r on Wednesday June 10 2009, @02:48PM
security
redsoxh8r writes "Security researcher Robert Hansen, known as Rsnake, has developed a new class of attacks that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: "The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software. "If you're even vaguely clever, developing this might take you two hours. It's not that difficult," said Robert Hansen, the researcher who wrote about the attacks in a white paper published this week, called "RFC1918 Caching Security Issues.""

  • I think this is similar to a problem that networking people have been dealing with for like 15 years. The main problem is in the RFC, which was written before there were hundreds of millions of machines on the interwebs.