I would agree that for the server arena, SQL injection is probably the biggest current threat for most as far as potential damage to their organization.<br><br>For client side, I think that malicious Javascript has got to be near the top. I was picking apart an attack last week in which the attackers had gotten an ad banner on a major ad syndicate which was iframing to a particularly nasty bit of Javascript. This script created two Java classes by binary packing the entire object as a Javascript string, then referring to that object in the same Javascript. The next thing the client did was to make a malware download with "Java 1.5" in the user agent. While browser plugin and client-side app vulnerabilities rotate, the attack vectors and payload delivery framework usually rely on Javascript.<br>
<br>Brainstorm: Create an IP/domain blacklist that the NoScript guys can have their plugin point at?<br><br>--Martin<br><br><div class="gmail_quote">On Wed, Oct 22, 2008 at 6:37 AM, David Glosser <span dir="ltr"><<a href="mailto:david.glosser@gmail.com">david.glosser@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">What are the biggest threats out there (and tomorrow?) today that<br>
this new project may be of benefit?<br>
<br>
I'm voting for:<br>
asprox/sql injection - website owners having their sites infected,<br>
which means, for granny, it's no longer possible just to tell granny<br>
to only go to safe sites... And When adobe's site is infected (1) ,<br>
it's a corporate issue as well<br>
fake security sites - so many domains, fast flux, double-fast flux,<br>
etc. very low initial detection, sigs are always playing catchup<br>
future - continuing infection of web sites running unpatched software,<br>
dns or bgp-related attacks/exploits<br>
<br>
As this is brainstorming, if you don't think it's a good thread,<br>
don't criticize, just don't respond ;)<br>
<br>
(1)<a href="http://blogs.zdnet.com/security/?p=2039" target="_blank">http://blogs.zdnet.com/security/?p=2039</a><br>
_______________________________________________<br>
Discussion mailing list<br>
<a href="mailto:Discussion@openinfosecfoundation.org">Discussion@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/discussion" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/discussion</a><br>
</blockquote></div><br>