Is it possible to run a command on the client computer ?

rf

what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesn't
have to do anything to give up his data to a malicious website so why
are you denying it ?

If your system is so insecure that this can happen then you should unplug
your system from the internet. It's unsafe.
 
navti

navti said:

You know this for a fact? Can you name such a site?
Or did this happen to a friend of a friend?

--

it happened to me on windoze which is why i scrapped windoze for mac
os x and linux.

you guys are seriously trying to tell me you have never heard of
these kind of attacks ?

i suggest you visit some security websites to see how prevalent they
are and how easy they seem to be to execute.
 
navti

If your system is so insecure that this can happen then you should unplug
your system from the internet. It's unsafe.

i did, it was called windows and i replaced it with a secure system
called os x,
 
Dag Sunde

navti said:
what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesn't
have to do anything to give up his data to a malicious website so why
are you denying it ?

Prove it!

Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!
 
Dag Sunde

navti said:
it happened to me on windoze which is why i scrapped windoze for mac
os x and linux.

you guys are seriously trying to tell me you have never heard of
these kind of attacks ?

i suggest you visit some security websites to see how prevalent they
are and how easy they seem to be to execute.

The only way that can happen is in scenario 3.) above when using IE.
And then only when someone has manually turned off the default security
settings in IE first.

I suggest you post a link to this "Magic" malicious site...
 
navti

The only way that can happen is in scenario 3.) above when using IE.
And then only when someone has manually turned off the default security
settings in IE first.

I suggest you post a link to this "Magic" malicious site...

there are thousands of sites which can harm your computer.

most are porn etc

tell me you are pulling my leg ?

you have never heard of webattacker, xss etc etc
 
MikeB

Dag Sunde said:
Prove it!

Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!

Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...
 
Dag Sunde

navti said:
there are thousands of sites which can harm your computer.

most are porn etc

I promise not to blush... Post a harmful link!

tell me you are pulling my leg ?

No, definitely not!

you have never heard of webattacker, xss etc etc

Of course I have, but those are only harmful to those that have opened
up the default security settings of their browsers... JavaScript alone
can't do any harm to my computer. And neither can Applets or ActiveX
controls without me giving them explicit permission to do so.

This thread started with you claiming that an "enemy's" web-site
managed to access your computer

i visited a website of an enemy and he not only did a listing of my
local files he also copied them to his server. im pretty certain he
was using javascript.

Post a link to this site. It is in everybody's interest that you do so.
 
navti

I promise not to blush... Post a harmful link!

No, definitely not!

Of course I have, but those are only harmful to those that have opened
up the default security settings of their browsers... JavaScript alone
can't do any harm to my computer. And neither can Applets or ActiveX
controls without me giving them explicit permission to do so.

This thread started with you claiming that an "enemy's" web-site
managed to access your computer

Post a link to this site. It is in everybody's interest that you do so.

Dag

this happened a while ago and the site is long gone,

you must know that these sites only stay online for a few days before
they are pulled down,

i am interested to know how he got hold of my files.

he pointed me to some of his websites and i went and had a look, i
clicked a few links and hey presto my hard drive starts churning,

by the time i realised what had happened he had nicked my files. i
know this because he got my telephone number and email and home
address from my resume which was on my desktop . i certainly never
sent it to him.

this has happened to me since and i have wiped windows off my
remaining PC and installed linux.

i got rid of my ibm thinkpad and got myself a powerbook.

i am now rid of the virus called windows.

We both know this happens all the time on windows so why are you
denying it ?
 
-Lost

MikeB said:
Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...

I know, I know!

A troll!

What do I win!?
 
-Lost

navti said:
grow up will you.

i want to know how it was done.

i guess i will have to buy webattacker to find out.

Don't even start with me. It just so happens I trashed a response to
you, basically stating this thread and your responses in it were crap.

And funny, one of the things in it was, "And if you're just fishing for
exploit code, you'd have much better luck Googling."

And for the record... no one is denying what you are saying. What people
are denying is that you were running as secure as humanly possible
installation of Windows. It is evident by your browser hijacking
session that you were not operating under a secure premise. That says
something about you, not about anyone else in this thread.

You'll forgive us if we think you are a troll. 8-|
 
The Magpie

navti said:
it all happened automatically without any intervention. i was using
win2k and ie6 at the time. i have since switched to mac os x. ...

if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
{ ExploitNumber=1; }
else // if JVM = 5.0.3810.0 or higher

The (dreaded) MSVM.

If this script found a 3809 or previous build MSVM, it
might have taken advantage (using a Java applet) of any
number of security holes in those Microsoft VM's.[snip]

he stole my files . i know this for a fact.
why would you think it was otherwise ? have you been living down a
mineshaft for the past 5 years ? never heard of xss ? are you in some
sort of state of denial ?
only an ignoramus would try and deny it was possible for a webserver
to compromise a client's machine.

my mistake is thinking javascript was enough . obviously it was a
combination of javascript, java, activex , php , xml etc etc

It looks to me - and I could be wrong - that it pushes a buffer overflow
to the browser to start existing code. I'd have to pull it to bits to be
sure what it's doing, but it seems it is using Javascript to build a page
existing code can read so that it knows what exploit to run.

If that's right - and as I say, it may not be - then it means that you
would have earlier agreed to let that code onto your machine either
explicitly or by having very low security settings on your browser. Low
enough that it can pretty much only be IE. It then exploits existing
software on your machine, such as Norton, McAfee and the old MS JVM
apparently.

Though I agree with the others so far, unlike them, I do think that once
it has got that far, it is quite possible to steal your files. I'd need
to see the code it on your system, but this kind of apparent "drive by"
as you call it is not really what you think. It's a double-attack; you
get apparently "safe" code on your system, later on you start it from a
site that doesn't carry any invasive code - in this case, a bit of
Javascript.

At that point, the code sitting quietly on your machine leaps into
action, does its thing and shuts up. It's a trojan, pure and simple. The
Javascript just exploits IE to start the trojan and it is the trojan,
not the Javascript, that does the damage. With luck, the person that
gets hit is daft enough to think it's that one website that causes the
problem, so doesn't realise the *real* problem is still sat on his
computer - the trojan.
 
Andrew Thompson

....
he stole my files . i know this for a fact.
why would you think it was otherwise ?

Who? I specifically stated (requoting)

...have you been living down a
mineshaft for the past 5 years ? never heard of xss ? are you in some
sort of state of denial ?

See above 'it is possible'.

only an ignoramus would try and deny it was possible for a webserver
to compromise a client's machine.

Only an ignoramus would quote and comment on replies
they had apparently not read, or not understood. Try
not being an ignoramus, next time.

Andrew T.
 
Christopher Barber

navti said:
i did, it was called windows and i replaced it with a secure system
called os x,

OS X is not inherently any more secure than Win XP. It is simply that
hackers spend far more of their time trying to break into Windows than
other platforms.
 
Ivan Marsh

OS X is not inherently any more secure than Win XP. It is simply that
hackers spend far more of their time trying to break into Windows than
other platforms.

....and if people keep saying that enough it will some day become true?

People spend more time writing malicious code for Windows than any other
OS because any idiot can write a debilitating virus or worm for Windows.
So much so that a few of the most destructive worms written for Windows
were accidentally as destructive as they turned out to be. (see: iloveyou
virus... which wasn't a virus.)

The current security hole in Open Office is the closest thing there's ever
been to an ease of use windows exploit. But I have no doubt that hole will
be closed before there's ever an exploit in the wild.
 
-Lost

Ivan said:
...and if people keep saying that enough it will some day become true?

People spend more time writing malicious code for Windows than any other
OS because any idiot can write a debilitating virus or worm for Windows.
So much so that a few of the most destructive worms written for Windows
were accidentally as destructive as they turned out to be. (see: iloveyou
virus... which wasn't a virus.)

The current security hole in Open Office is the closest thing there's ever
been to an ease of use windows exploit. But I have no doubt that hole will
be closed before there's ever an exploit in the wild.

Which version and where is it already listed as an exploit?
 
