SecurityRatty: tag: redirect

The Bitrix open redirect vulnerability: a lesson in the absurd

2008-07-22 23:00:00 by Russ McRee in HolisticInfoSec.org

...redirect vulnerabilities really bother me; thus Open redirect vulnerabilities: definition and prevention in (IN)SECURE Issue 17 Sidebar: I recently spotted a great academic paper on the same issue by Shue, Kalafut, and Gupta at Indian University. Definitive, to say the least Back to the issue at hand. It should have occurred to me to check...

Tags: vulnerability, redirect, redirect vulnerability, cve vulnerability advisory, redirect vulnerabilities, bitrix site manager, site, issue, secure issue

Open redirect vulnerabilities article - (IN)SECURE Issue 17

2008-06-26 10:18:00 by Russ McRee in HolisticInfoSec.org

...redirects that's been published in Issue 17 of (IN)SECURE Magazine . Page 43 for your reading pleasure An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered unmanaged fashion, which could be used to redirect victims to unintended malicious web...

Tags: redirect, issue, redirect victims, malicious web sites, giant pet peeve, specific url, vulnerability, article, dangers

DNS poisoning used to redirect unwitting surfers

2007-12-13 07:40:12 by Editor in Digg / Security

A new type of DNS exploit could launch a fresh wave of phishing attacks. According to new research results from Google and the Georgia Institute of Technology, a number of DNS servers on the 'net are now deliberately feeding users false information in an attempt to redirect them elsewhere

Tags: users false information, dns servers, fresh wave, redirect, research results, dns exploit, georgia institute, google, attacks

EarthLink redirect service poses security risk, expert says

2008-04-19 13:00:00 by Editor in Computerworld Security News

A redirect service deployed by EarthLink and other ISPs to handle mistyped Web-page requests may have given attackers an opening with which to launch undetectable phishing attacks

Tags: redirect service, earthlink, launch undetectable, web-page requests, isps, attacks, attackers, handle

Phishing Holes

2008-04-03 21:39:00 by sdl in The Security Development Lifecycle

...redirects the user to whatever location is specified in the p parameter of the querystring, highlighted below http://www.somebank.com/welcome.aspx?p= http%3A%2F%2Fwww.somebank.com%2Flogin.aspx This may look pretty innocent to you. But what if I sent you an email claiming to be from SomeBank, telling you that your account was under...

Tags: somebank, domain somebank, somebank rewrites, aspx, aspx redirects, redirect, saferedirect library, comwelcome, library

The ICANN Responds to the DNS Hijacking, Its Blog Under Attack

2008-07-07 06:27:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...redirect was a result of an attack on ICANN's registrar's systems . A full, confidential, security report from that registrar has since been provided to ICANN with respect to this attack It would appear the attack was sophisticated, combining both social and technological techniques , but was also limited and focused. The redirect was...

Tags: blog, attack, icann, wordpress blog, icann blog, recent attack, dns redirect, redirect, software wordpress

Phishing reloaded

2008-04-04 21:18:18 by Editor in Security x.0

...redirectors Along with phishing-based keyloggers we are seeing high increases in traffic redirectors. In particular the highest volume is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server. The fraudulent server replies...

Tags: fraudulent, fraudulent server replies, paper describes mechanisms, paper, dns lookups, specific dns lookups, fraudulent dns server, traffic redirectors, user authentication method

Monetizing Web Site Defacements

2008-06-13 11:54:20 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...redirect to known rogue security software, in this case, the XP antivirus protection ( securityscannersite.com ) which you must be familiar with if you were following the assessments of the massive IFRAME SEO poisoning attacks that took place during March this year. More about the found The Africa Middle Market Fund is a private capital fund...

Tags: site, web site defacements, site helps webmasters, web site defacement, web sites, sites, traffic exchange, traffic, traffic suppliers

SQL Injecting Malicious Doorways to Serve Malware

2008-07-21 01:45:57 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...redirectors to malicious doorways serving malware is becoming increasing common, as is the use of SQL injections in order for the malicious parties to ensure their campaigns will receive enough generic traffic to their redirectors. Excluding the use of the very same traffic management tools, web malware exploitation kits, templates for the...

Tags: malware, malicious doorways, sites, rogue adult sites, malware gangs, campaigns load on-the-fly, campaigns, fake porn sites, sql

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo