БэФ블로그 - Comments

StarkPetra: Asterisk and the Blink

nospam@example.com (StarkPetra) — Fri, 02 Apr 2010 07:31:44 +0200

I had got a desire to start my own firm, however I didn't earn enough of money to do it. Thank heaven my dude told to utilize the loans. Hence I received the commercial loan and realized my desire.

Keith Jones: SWF in a nutshell and the malware tragedy

nospam@example.com (Keith Jones) — Thu, 01 Jan 2009 15:40:48 +0100

FBI reports that online crime is at an all time high. So why are we hearing so little about it? Cyber crime has been estimated by the US Treasury to be more valuable than the illegal drugs trade - worth more than $100 billion a year (http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2844031.ece). What you don't see talked about much is that most large internet corporations are Mafia owned, and when a new successful company rises up, they buy it. Almost all online pornography is owned by mafia, usualy made from captive women & children in Russia or Eastern Europe. Large amounts of free spyware/antivirus software is created by mafia (http://www.timesonline.co.uk/tol/news/uk/article882386.ece), household names, & unsafe against their manufacturer, who create the kind of viruses etc. which you are trying to clean from your computer to begin with. About the only serious online non Mafia corporation is Microsoft, which is under continual attack from them, the reason you need continual security updates. You can read about how I came to know these things here: http://endmafia.com/

Hollie - Familienrecht Rechtsanwalt Stuttgart: SWF in a nutshell and the malware tragedy

nospam@example.com (Hollie - Familienrecht Rechtsanwalt Stuttgart) — Tue, 30 Dec 2008 15:04:46 +0100

hey a nice and interesting article. really thanx for this helpful information.. if i'm not mistaken the SWF file format delivers vector graphics, text, video, and sound over the Internet and is supported by Adobe Flash Player?? and over 99% of Web users now have an SWF plugin installed.. i'll try to find some more information on this point.

DanFuh: web drei punkt null

nospam@example.com (DanFuh) — Mon, 21 Jul 2008 12:38:05 +0200

Hallo BeF,

warum macht Ihr Euch Gedanken um das Web 3.0? Wir leben doch mittlerweile in einer Gesellschaft in der die Informationsflut so groß ist, dass selbst Begriffe wie Web, Internet, http oder Browser nicht mehr jedem ein Begriff sind.
Bevor ich Web3.0 definiere, würde ich lieber 20 Leuten erzählen was überhaupt Internet ist.
Es ist kaum zu glauben, aber ich begegne in letzter Zeit immer wieder Leuten die noch nie einen Browser bedient haben. Kommentare wie „Internet? Ne, das brauche ich nicht. Wo stell ich das denn hin? Für so etwas hab ich keinen platz in der Wohnung.“ oder „Internet, das heißt doch jetzt Live und nicht mehr MSN, oder?“ sind keine Seltenheit.

Im Internet liegt ein Teil unserer Zukunft, doch diese sollte für alle gleich sein. Es ist schon traurig, dass Leute in Foren blöd angemacht werden wenn sie fragen was Web 2.0 ist. Es ist noch trauriger, dass man selber fast schon ausgestoßen wird wenn man behauptet „Das ist in erster Linie ein Marketing Gag“.

Bleiben also die Frage:
Was ist Web 0.9?
Ist Web 4.0 Das Ende des Internet?
Wie viel IT Braucht der Mensch?

Gruß Daniel

fukami: SWF in a nutshell and the malware tragedy

nospam@example.com (fukami) — Thu, 27 Mar 2008 00:29:58 +0100

We talk about 2 different things here: One is the general problem of running remote JavaScript from another domain and this one gets hacked. The other one is a problem with a system for deploying ads by serving Flash files. For the second one nobody needs to get compromised in the first place: The attacker just buys some ad space and serves a malicious SWF over a trusted channel the way it is intended and exploits users browsing the page.

I mean even security people need their time to find out if a SWF is malicious or not, so how could people running ad networks could do any easier? I mean we are some of the people taking care in the moment that there are possibilities for analysis, not Adobe by giving incomplete specs under a weird license.

I realized the other day that some bigger companies started to ban the Flash plugin from their internal networks. By now most real existing exploits with Flash banners are nagware, but there are far enough possibilities to do it the hard way (btw not only by redirecting to sites carrying MPack and alike but also by exploiting one of the publicly undisclosed but known vulnerabilities for the current player, but that's different story).

Anyways, if Adobe won't react to concerns regarding silent redirection by the Flash plugin without any chance for users to control that behavior I'm sure the Flash plugin will be banned by many more networks - no matter if there is any other technology being able to misused for the same sort of exploitation.

John Dowdell: SWF in a nutshell and the malware tragedy

nospam@example.com (John Dowdell) — Wed, 26 Mar 2008 19:37:24 +0100

Hi, I know that this discussion is occurring in parallel email channels, and so will defer further comment here.

Yes, a SWF can redirect the page, just as JavaScript can. For a variant of redirects from hosting untrustworthy content, see:
http://radar.oreilly.com/archives/2008/01/dangers-of-remote-javascript.html

jd/adobe

fukami: SWF in a nutshell and the malware tragedy

nospam@example.com (fukami) — Wed, 26 Mar 2008 13:50:40 +0100

John, Flash is able to exploit trust if used as a banner. Most real Flash based malware found is basically a redirector and most ad networks still don't get the fact that SWF is not the same like an image. There is also no help from Adobe to identify potencial malware (which is not easy in case of redirects) and it is somewhat a shame that people rely on tools like NoScript if they dont want to be exploited by malicious SWF.

The main concern about this specific attack (means: redirections from within Flash banner ads) is that Flash just redirects without any possibility for user to interrupt before an exploitation is happening.

John Dowdell: SWF in a nutshell and the malware tragedy

nospam@example.com (John Dowdell) — Tue, 25 Mar 2008 04:28:06 +0100

Hi, is your core concern "Can someone introduce a 'SWF of evil intent' into an ad network?" If so, they can, although I'm not sure what it would be able to do... any SWF's instructions are executed by the Adobe Flash Player, and run within the Player's security scope. Handcoding a SWF won't change what a SWF might be able to ask the Player to do.

The issue of third-party content is a real one. You may remember Niall Kennedy's "goatse" incident of a few years ago, where Microsoft got burned for hotlinking to an image. A few months ago O'Reilly Radar told the tale of a PHP visitor counter on a website whose domain lapsed, and whose new owner introduced redirection code via JavaScript through that existing invocation. And any request to a third-party server logs your IP address with them... the advertising networks have the capability to track you as your connection jumps from as-supported site to ad-supported site.

Integration of third-party content is tricky, particularly when you may be accepting content from people who do not merit your trust.

If you can do something to break the Player's security sandboxes we'd like to know of it, thanks... a note at http://www.adobe.com/support/security/alertus.html would be greatly appreciated.

But yes, you can handcode and obfuscate a SWF. I'm not sure what you could then make it do that would be appreciably riskier than accepting JavaScript from a stranger, though.

jd/adobe

jeff: PoC Telephony Applications

nospam@example.com (jeff) — Fri, 07 Mar 2008 22:06:35 +0100

Sounds like a fun game. I dont know how to code so this works out. Lol to You're facing a wall! Probably feel like saying no sh!t.

БэФ: SWF in a nutshell and the malware tragedy

nospam@example.com (БэФ) — Mon, 18 Feb 2008 20:52:07 +0100

You are absolutely right to point out that malware is not identical to obfuscation. However intentionally hidden or obfuscated code brings up a few question: Why has it been hidden in the first place? Could it be an attempt at DRM or protect more than just rights? And finally: Can the code be trusted?
In the end the possibility remains that any code executed on my machine (obfuscated or not) may traverse its security boundaries and thus be harmful. Obfuscation is only one indicator of many.

bokel: SWF in a nutshell and the malware tragedy

nospam@example.com (bokel) — Mon, 18 Feb 2008 20:23:14 +0100

it has to be "we better call it obfuscation than malware." of cause.

bokel: SWF in a nutshell and the malware tragedy

nospam@example.com (bokel) — Mon, 18 Feb 2008 20:20:22 +0100

Hi Ben, interesting project. I've never had the chance to look into Erlang really. It will be interesting to see your code.

I'm not a security guy, but i think, the possibility to hide code is different from doing bad things with a flash movie. I'd say, unless you are able to demonstrate something bad, we better call it obfuscation than obfuscation.

Cheers
bokel

cosmea: Quadratlatschen (Update)

nospam@example.com (cosmea) — Sun, 21 Oct 2007 22:10:12 +0200

hallo bef,
ein kuscheliges zuhause für verschmähtes wissen gibts auch hier: http://s23.org/wiki/Asyl_f%C3%BCr_gel%C3%B6schte_Wikipedia_Seiten
grüsse, cosmea

johannes: Eisessend in der Fußgängerzone

nospam@example.com (johannes) — Sat, 11 Aug 2007 00:12:17 +0200

ganz großes kino, der text! mehr davon, du menschenbeobachter. ich dachte hacker könnten sowas nich…

gerne hätte ich auch den ein- oder anderen beweis deiner dadaistischen wortschöpfungskultur- auch testimonial von den marketingmenschen genannt.

johannes: Weltherrschaft durch puren Unsinn

nospam@example.com (johannes) — Thu, 26 Apr 2007 20:16:50 +0200

erinnert mich irgendwie an oskar pastior und ernst jandl…