it's a fairly feasible concept.

1) attacker places javascript on a public website to add a bookmark for www.onlinebankx.com (and possibly other commonly visited sites where a username and a password might be needed) which is actually www.attackersite.com.
2) attacker sets up a mirror of www.onlinebankx.com on www.attackersite.com.
3) attacker then sets up some method to draw people to visit the public website (free porn, for example).
4) victim visits the public website, gets several bookmarks added.
5) if the attacker is lucky, the victim eventually goes to visit one of those bookmarks, which pulls up the fake site.
6) victim enters their username and password for www.onlinebankx.com, at which time the attacker records such information as entered.
7) an error page is then displayed and the victim is then forwarded on to the real site, unaware that their username and password have been obtained by the attacker.

combine step 1 with placing malicious javascript on vulnerable ida iis sites, and a worm to deliver such a package, and the number of possibilities for this scenario to work gets higher. the only two dependent variables are: whether joeuser running ie visits a bookmark-affecting site and whether joeuser will go to a possibly redirected website.

opera and netscape both do not direct themselves to a bookmark-title location. also, netscape and opera do not support the remote bookmark placing 'feature'.

On Wed, Aug 15, 2001 at 03:05 PM, Kevin Gagel <Gagelat_private> said:

> Personally I like the idea that I can name my bookmarks whatever I want.
> This allows me to save web sites that are poorly named with something I
> prefer.
>
> Exploiting this would be a "social engineering" exploit, not a bug.
> I guess the more integrated we get the harder it will be to prevent this
> kind of social exploit.
>
> Nothing short of a lobotomy for exploiters can really help with a social
> exploit. Especially since most users tend to not bother understanding.
>
> Therefore I recommend a real fix for the problem - Turn off the
> computer...
>
> > yup totally right
> > rename bookmark to a website like hotmail and it follows the bookmark
> > instead of the real page meant
>
> --
> =============================
> Kevin W. Gagel
> Network Administrator
> College of New Caledonia
> gagelat_private
> (250)561-5848 loc. 448
> =============================

-----
________________________________
Mike Mclane | xyntrixat_private |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
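The scenario above relies on a bookmark whose visible title names one site while its link goes to another host. The following defensive audit script, added here as an example and not part of the original thread, scans a Netscape-format bookmarks.html export and flags such title/URL mismatches; the bookmark entries and the two-label domain reducer are constructed assumptions, not a real public-suffix implementation.

```python
"""Audit a Netscape-format bookmarks.html export for title/URL host mismatches.

Hypothetical defensive check: flag bookmarks whose visible title names a
hostname that differs from the registrable domain of the HREF target.
"""
import re
from html import unescape
from urllib.parse import urlparse

# Matches <A HREF="..."> ... </A> entries as written by Netscape/IE/Firefox exports.
_ENTRY_RE = re.compile(r'<A\s+[^>]*HREF="([^"]+)"[^>]*>(.*?)</A>', re.I | re.S)
# Something that looks like a hostname inside a title, e.g. "www.onlinebankx.com".
_HOST_RE = re.compile(r'\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b', re.I)


def base_domain(host):
    """Crude registrable-domain reducer: last two labels (assumption: no public-suffix list)."""
    labels = host.lower().strip('.').split('.')
    return '.'.join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_bookmarks(html_text):
    """Return a list of (url, title) tuples from a bookmarks.html export."""
    return [(unescape(u), unescape(re.sub(r'<[^>]+>', '', t)).strip())
            for u, t in _ENTRY_RE.findall(html_text)]


def find_mismatches(html_text):
    """Return (title, url, title_domain, url_domain) for each suspicious entry."""
    hits = []
    for url, title in parse_bookmarks(html_text):
        url_host = urlparse(url).hostname or ''
        for named in _HOST_RE.findall(title):
            if base_domain(named) != base_domain(url_host):
                hits.append((title, url, base_domain(named), base_domain(url_host)))
                break  # one finding per bookmark is enough
    return hits


# Constructed sample mirroring the thread's scenario (not real bookmarks).
SAMPLE = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="http://www.attackersite.com/login">www.onlinebankx.com</A>
<DT><A HREF="https://www.onlinebankx.com/">www.onlinebankx.com</A>
<DT><A HREF="http://mail.example.org/">My webmail</A>
</DL><p>
"""

if __name__ == '__main__':
    for title, url, named, actual in find_mismatches(SAMPLE):
        print(f'SUSPICIOUS: "{title}" -> {url} (title says {named}, link goes to {actual})')
```

Only the first entry is reported: its title claims onlinebankx.com while the link resolves to attackersite.com.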
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 21:59:37 PDT