[Discussion] new thread: biggest threats

Martin Holste mcholste at gmail.com
Wed Oct 22 13:37:44 UTC 2008


I would agree that for the server arena, SQL injection is probably the
biggest current threat for most as far as potential damage to their
organization.

For client side, I think that malicious JavaScript has got to be near the
top.  I was picking apart an attack last week in which the attackers had
gotten an ad banner on a major ad syndicate which was iframing to a
particularly nasty bit of JavaScript.  This script created two Java classes
by binary packing the entire object as a JavaScript string, then referring
to that object in the same JavaScript.  The next thing the client did was to
make a malware download with "Java 1.5" in the user agent.  While browser
plugin and client-side app vulnerabilities rotate, the attack vectors and
payload delivery framework usually rely on JavaScript.

Brainstorm: Create an IP/domain blacklist that the NoScript guys can have
their plugin point at?

--Martin

On Wed, Oct 22, 2008 at 6:37 AM, David Glosser <david.glosser at gmail.com> wrote:

> What are the biggest threats out there (and tomorrow?) today that
> this new project may be of benefit?
>
> I'm voting for:
> asprox/sql injection - website owners having their sites infected,
> which means, for granny, it's no longer possible just to tell granny
> to only go to safe sites... And when Adobe's site is infected (1),
> it's a corporate issue as well
> fake security sites - so many domains, fast flux, double-fast flux,
> etc. very low initial detection, sigs are always playing catch-up
> future - continuing infection of web sites running unpatched software,
> dns or bgp-related attacks/exploits
>
> As this is brainstorming, if you don't think it's a good thread,
> don't criticize, just don't respond ;)
>
> (1) http://blogs.zdnet.com/security/?p=2039