
Sahir's Blogspot

20 years 3 months ago #2510 by Cheetah
Sahir's Blogspot was created by Cheetah
Hi

I do not expect that a link from firewall.cx to Sahir's blogspot should take me to an HTML file with an exploit on URL SPOOF, which attempts to save on my hard disk at

Path\Local Settings\Temporary Internet Files\Content.IE5\Random\tftfotw.blogspot[1].htm

That's bad. Should I report this here or at another forum? :x

Regards
Cheetah

Kind Regards,
Cheetah
The outcome of devotion is, quality!
20 years 3 months ago #2512 by sahirh
Replied by sahirh on topic Re: Sahir's Blogspot
Cheetah, I'm afraid you've been misled. The link from firewall.cx leads just straight to my weblog at tftfotw.blogspot.com, it does not lead to any exploit.

The URL spoof exploit which I have demonstrated in one of the posts on my blog does nothing more than fake which site you think you're at (it will say www.google.com in the bar, but will take you to www.firewall.cx instead). There is no malicious content whatsoever.

Furthermore, judging by the URL you've given here, it looks like that is nothing but IE saving to the cache (Temporary Internet Files).

If I post any proof-of-concept exploits at my weblog, I always post source code rather than executables for precisely this reason -- I don't want someone to accidentally download and run some malicious binary.

The posts at my weblog are entirely independent of firewall.cx and nobody other than myself is responsible for them. That said, I can tell you that you've made a mistake.. neither firewall.cx nor tftfotw contain any malicious links.

I will be more than happy to confirm any doubts you have regarding my weblog, this site, or the security measures taken by both.
I will PM you my email address as I don't want the spam bots to pick it up here.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 3 months ago #2519 by Cheetah
Replied by Cheetah on topic Re: Sahir's Blogspot
Hi Sahirh,

That was just a constructive criticism, immediately after the InterScan VirusWall/McAfee blocked these HTML pages directly as I visited the link from firewall.cx.

To verify I disabled the Viruswall to get the html for analysing, but the McAfee at client denied access for the local html file. The exploits from both were the same. :oops:

Please note that I didn't even visit any of your demos. :-) Also, to the Firewall.cx team, sorry for posting a 3rd party message here.

Please note only constructive criticism develops any person/org.

Regards
-Cheetah

Kind Regards,
Cheetah
The outcome of devotion is, quality!
20 years 3 months ago #2521 by Chris
Replied by Chris on topic Re: Sahir's Blogspot
Siva,

Personally I am convinced that your criticism was nothing but constructive and obviously Sahir saw it in that way. As Sahir noted, the material on his site is independent of Firewall.cx.

Sahir, in his good will, decided to demonstrate the URL spoof exploit in order to alarm our visitors and members, and considering his role as a Security Advisor, I'd say I'm glad he did so and I'm sure everyone else will agree to that!

With this chance, I'd like to note to everyone that our team consists of highly responsible professionals who have dedicated their time and effort to help everyone here and would never consider using any such exploits or threats against our members/visitors.

Thank you!

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 3 months ago #2523 by Cheetah
Replied by Cheetah on topic Re: Sahir's Blogspot
Hi

Hey, I didn't see below the HTML page, because the pages were already blocked by VirusWall & McAfee before it reached me.

Firebird revealed that Sahir's demo is below in the page after disabling everything. :)

I am sorry because, I read about this back at


heise.de/security/dienste/browsercheck/demos/ie/e5_18.shtml

(sorry about the German) and was confused when Sahir's web page was blocked mentioning the exploit of URL Spoofing. :)

Regards
Cheetah

Kind Regards,
Cheetah
The outcome of devotion is, quality!
20 years 3 months ago #2525 by tfs
Replied by tfs on topic Re: Sahir's Blogspot
As you obviously didn't get the whole page, it is reasonable that you would have concerns in your situation. I am sure Sahirh would like to know if somehow there was an inadvertent link that could cause anyone any harm.

With the climate these days of unscrupulous, unethical, unprincipled and immoral people in this world, it doesn't hurt to mention something that appears out of the ordinary and may be harmful.

We appreciate any warning of anything that could be harmful - to anyone.

Thanks.

Thanks,

Tom