HTML 'Hack' Could Use Browsers To Open Net Security Hole!!!

http://www.securitynewsportal.com/article.php?sid=1579&mode=thread&order=0

--
Regard: Joh@nnes
1216771 Ont.Inc.
"Nothing is more damaging to a new truth than an old error"
Johannes
8/21/2001 1:20:00 PM
grc.security


i don't see how this attack could be used against any machine that has an
"allowed hosts" list for processing of CGI scripts.  wouldn't the Perl (or
whatever else) interpreter see that the code was being submitted from a
referrer that is different than its host domain?  (this crack would actually
involve sending custom HTTP data, not just writing some special HTML code)

- Dixieland


Johannes Niebach <niebach@sprint.ca> wrote in message
news:9ltn7e$a4i$1@news.grc.com...
> http://www.securitynewsportal.com/article.php?sid=1579&mode=thread&order=0
>
Dixieland
8/21/2001 3:49:00 PM