Saint_Michael
Apr 3 2007, 04:13 PM
Well, let's start off by saying these 2 people are complete morons. The first guy, who had this thing loaded up on the internet so it could be shown how it works, and not securing it so it couldn't be downloaded. Does a home server ring a bell? Guess not. The second guy, for downloading it and then uploading it to his site with the excuse that "he thought it would be useful to other security professionals looking for ways to illustrate just how dangerous a scripting attack can be." Now this code has been found on several websites and could be used to hijack web browsers. Well, here's a clearer explanation of it:

QUOTE Hoffman had discovered a way to write a Web vulnerability scanner in JavaScript, a Web language that can run in any browser. This technique circumvents JavaScript's security restrictions and, concerned that his Jikto code could be misused, Hoffman says he took extra steps to prevent the code from getting out.

QUOTE With Jikto now public, security researchers worry it could be misused by criminals to scan internal networks for sensitive information or to build a malicious botnet code. "This particular tool is designed to take control of the Web browser," said Jeremiah Grossman, chief technology officer with WhiteHat Security. "It will crawl other Web sites and scan them, looking for vulnerabilities."

Noo, really??? Well, it was smart of him to find a way this could be done; hopefully he has a way to block it from happening now. Well, it looks like we will be getting more patches for every browser that is currently being used. To add to the stupidity:

QUOTE He said he's not angry at Schroll for snagging and releasing the Jikto code. "He probably did what any curious individual would have done," he said. "I really can't fault someone for being curious because that's what my job is."

I would be very angry that someone just uploaded this program to be used to hack a person's browser and computer, but no, the first guy says he's not moron.

QUOTE Hoffman was sanguine about the release of his tool, saying that criminals would probably have been able to develop something similar to his short, 800-line application.
"It's kind of a tragedy that this ended up getting released," Hoffman said. "But in reality, the bad guys probably knew this, and even if they didn't have it, they were probably a couple of months away."

I would say maybe, or it could be a possibility, but now that they have an idea of how to do it, expect different versions of this to pop up in the near future. Now here comes the punch line: neither of them has been arrested over the fact that this is, in a way, illegal coding and actually helps people in using this to commit crimes. It's arguable that they don't have to be arrested, but still, one made the code that is used to hack into computers/browsers, 2 it was uploaded for everyone to see and use. Thoughts on this? SOURCE HERE
FLaKes
Apr 4 2007, 03:17 AM
I don't see why he should be arrested; it's not like he is committing crimes with it. It's kind of like saying Einstein should have also been arrested, but it doesn't work that way. I can clearly see more job opportunities coming up for internet security areas, or maybe it will be fixed by an update and we can all forget about this.