<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="http://sciencex2.org" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
 <title>internet vulnerability</title>
 <link>http://sciencex2.org/en/taxonomy/term/3263</link>
 <description>The taxonomy view with a depth of 0.</description>
 <language>en</language>
<item>
 <title>Sockstress: An Internet Vulnerability That May Create the Day the Net Stood Still?</title>
 <link>http://sciencex2.org/en/node/52736</link>
 <description>&lt;h3 class=&quot;field-label&quot;&gt;Description&lt;/h3&gt;
&lt;div class=&quot;content&quot;&gt;
   &lt;p&gt;Jack Louis and Robert Lee, from Outpost24 (&lt;a href=&quot;http://www.outpost24.com/&quot; title=&quot;http://www.outpost24.com/&quot;&gt;http://www.outpost24.com/&lt;/a&gt;), are scheduled to give a talk at the T2&#039;08 Information Security Conference in Finland later this month, giving details on a new and dangerous denial of service attack that uses TCP state table manipulation. The attack is unique in that it is cross-platform and requires very little bandwidth to execute.[1] The attack also has a prolonged impact on the hardware that lasts beyond the denial of service. As a blogger at a recent talk by Louis and Lee wrote, &amp;quot;After this introduction it was time for them to show their application Sockstress. Unfortunately they couldn&amp;rsquo;t disclose any technical details about it but they ran two demos and it was quite amazing. Exploiting a vulnerability they showed us how they brought down port 80 on a web server (or actually the presentation laptop) in a matter of seconds. A typical Denial of Service attack. The next demo was even better. They started playing music on the very same laptop and then started Sockstress. After about two minutes the music wouldn&amp;rsquo;t play the way it was supposed to. It was slowed down, the CPU was at 100% etc. They then stopped sockstress but the machine never came back. It kept misbehaving even though the attack was over. What was really interesting was that both these attacks only sent 4 packages each second to the server machine. That&amp;rsquo;s nothing and could be done on a 56k modem.
Scary but cool.&amp;quot; Louis and Lee have contacted vendors regarding the various bugs they have found that allow for this exploit but aren&#039;t releasing technical details at this time because there are currently no short-term fixes.[3] Concern has been expressed in the security community that just the simple talks given thus far may be enough of a recipe for a low-level hacker to easily replicate the attack.&lt;/p&gt;
&lt;div class=&quot;og_rss_groups&quot;&gt;&lt;ul class=&quot;links&quot;&gt;&lt;li class=&quot;first last og_links&quot;&gt;&lt;a href=&quot;/en/node/13855&quot; class=&quot;og_links&quot;&gt;Computer &amp;amp; Information Science&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;&lt;/div&gt;&lt;/div&gt;

&lt;div class=&quot;field field-type-text field-field-source&quot;&gt;
  &lt;h3 class=&quot;field-label&quot;&gt;Source&lt;/h3&gt;
  &lt;div class=&quot;field-items&quot;&gt;
      &lt;div class=&quot;field-item&quot;&gt;&lt;p&gt;[1] &quot;Jack C. Louis and Robert E. Lee to talk about New DoS Attack Vectors&quot;, T2&#039;08 Conference, August 27, 2008&lt;br /&gt;
[2] &quot;Sec-T, Day 1&quot;, Norden Felt, September 12, 2008, &lt;a href=&quot;http://blog.nordenfelt.com&quot; title=&quot;http://blog.nordenfelt.com&quot;&gt;http://blog.nordenfelt.com&lt;/a&gt;&lt;br /&gt;
[3] &quot;Snake Bytes: New DOS Attack is a Killer&quot;, RSnake, darkREADING, September 30, 2008, &lt;a href=&quot;http://www.darkreading.com/blog.asp?blog_sectionid=403&amp;amp;doc_id=164939&amp;amp;WT.svl=tease2_2&quot; title=&quot;http://www.darkreading.com/blog.asp?blog_sectionid=403&amp;amp;doc_id=164939&amp;amp;WT.svl=tease2_2&quot;&gt;http://www.darkreading.com/blog.asp?blog_sectionid=403&amp;amp;doc_id=164939&amp;amp;WT.svl=tease2_2&lt;/a&gt;&lt;/p&gt;
&lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;
</description>
 <comments>http://sciencex2.org/en/node/52736#comments</comments>
 <category domain="http://sciencex2.org/en/taxonomy/term/3281">denial of service</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3263">internet vulnerability</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3284">jack louis</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3283">outpost24</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3285">robert lee</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3282">sockstress</category>
 <group domain="http://sciencex2.org/en/node/15121">Ethics in Science</group>
 <group domain="http://sciencex2.org/en/node/13855">Computer &amp; Information Science</group>
 <pubDate>Thu, 02 Oct 2008 12:48:48 -0700</pubDate>
 <dc:creator>Jerry Sheehan</dc:creator>
 <guid isPermaLink="false">52736 at http://sciencex2.org</guid>
</item>
<item>
 <title>Cross Site Request Forgeries (CSRF) Demonstrate a Persistent Web Vulnerability</title>
 <link>http://sciencex2.org/en/node/51311</link>
 <description>&lt;h3 class=&quot;field-label&quot;&gt;Description&lt;/h3&gt;
&lt;div class=&quot;content&quot;&gt;
   &lt;p&gt;Since 2000 there has been an acknowledged vulnerability in the Web allowing a malicious user to embed code in a Web page that transmits &amp;quot;secret&amp;quot; commands to a Web site without the authenticated user being aware. This exploit, known as a Cross-Site Request Forgery (CSRF), is very difficult to track because the commands come from the authenticated user; they are just unauthorized. The most common way to perform this attack is to hide commands within either HTML or JavaScript image tags.[1] Robert Auger, of cgisecurity.net, explains the scope of this vulnerability when he writes, &amp;quot;Most of the functionality allowed by the website can be performed by an attacker utilizing CSRF. This could include posting content to a message board, subscribing to an online newsletter, performing stock trades, using a shopping cart, or even sending an e-card. CSRF can also be used as a vector to exploit existing Cross-site Scripting flaws in a given application. For example imagine an XSS issue on an online forum or blog, where an attacker could force the user through CSRF to post a copy of the next big website worm. An attacker could also utilize CSRF to relay an attack against a site of their choosing, as well as perform a Denial Of Service attack in the right circumstances.&amp;quot;[2] While the potential of this exploit has been widely known, it has been difficult to get attention for it because of the breadth of the vulnerability. Jeremiah Grossman, CTO for WhiteHat Security, explains, &amp;quot;Cross-Site Request Forgery (aka CSRF or XSRF) is a dangerous vulnerability present in just about every website. An issue so pervasive and fundamental to the way the Web is designed to function we&#039;ve had a difficult time even reporting it as a &amp;quot;vulnerability&amp;quot;. Which is also a main reason why CSRF does not appear on the Web Security Threat Classification or the OWASP Top 10.&amp;quot;[3]
Recent research conducted by computer scientists at Princeton University reveals that the vulnerability remains unaddressed by major Web sites including the New York Times, ING Direct, Metafilter, and YouTube. Perhaps the most disturbing of the vulnerabilities demonstrated was at the financial site ING Direct; as William Zeller and Edward Felten note, &amp;quot;We discovered CSRF vulnerabilities in ING&amp;rsquo;s site that allowed an attacker to open additional accounts on behalf of a user and transfer funds from a user&amp;rsquo;s account to the attacker&amp;rsquo;s account. As we discuss in Section 2.2, ING&amp;rsquo;s use of SSL does not prevent this attack. We believe this is the first published CSRF attack involving a financial institution.&amp;quot;[4] A variety of simple actions can be taken to eliminate CSRF attacks, starting with automatic scanning for vulnerabilities, and then client- and server-side precautions. Zeller and Felten note that addressing this issue is important because CSRF and other similar exploits will only increase as we rely on more complicated web technologies to provide users with enhanced functionality.[5]&lt;/p&gt;
&lt;div class=&quot;og_rss_groups&quot;&gt;&lt;ul class=&quot;links&quot;&gt;&lt;li class=&quot;first last og_links&quot;&gt;&lt;a href=&quot;/en/node/13855&quot; class=&quot;og_links&quot;&gt;Computer &amp;amp; Information Science&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;&lt;/div&gt;&lt;/div&gt;

&lt;div class=&quot;field field-type-text field-field-source&quot;&gt;
  &lt;h3 class=&quot;field-label&quot;&gt;Source&lt;/h3&gt;
  &lt;div class=&quot;field-items&quot;&gt;
      &lt;div class=&quot;field-item&quot;&gt;&lt;p&gt;[1] &quot;Cross-Site Request Forgery&quot;, Wikipedia&lt;br /&gt;
[2] &quot;The Cross-Site Request Forgery (CSRF/XSRF) FAQ&quot;, Robert Auger, cgisecurity.net, April 17, 2008&lt;br /&gt;
[3] &quot;CSRF, the sleeping giant&quot;, Jeremiah Grossman, September 26, 2006&lt;br /&gt;
[4]+[5] &quot;Cross-Site Request Forgeries: Exploitation and Prevention&quot;, William Zeller and Edward Felten, September 2008, &lt;a href=&quot;http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf&quot; title=&quot;http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf&quot;&gt;http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf&lt;/a&gt;&lt;/p&gt;
&lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;
</description>
 <comments>http://sciencex2.org/en/node/51311#comments</comments>
 <category domain="http://sciencex2.org/en/taxonomy/term/3261">CSRF</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3262">financial vulnerability</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/803">hacking</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/3263">internet vulnerability</category>
 <category domain="http://sciencex2.org/en/taxonomy/term/337">security</category>
 <group domain="http://sciencex2.org/en/node/13855">Computer &amp; Information Science</group>
 <pubDate>Tue, 30 Sep 2008 08:55:32 -0700</pubDate>
 <dc:creator>Jerry Sheehan</dc:creator>
 <guid isPermaLink="false">51311 at http://sciencex2.org</guid>
</item>
</channel>
</rss>
