
TOPIC: Sahir's Blogspot

Sahir's Blogspot 12 years 10 months ago #2510

  • Cheetah
  • Frequent Member
  • Posts: 72
  • Karma: 0
Hi

I do not expect that a link from firewall.cx to Sahir's blogspot should take me to an HTML file with an exploit on URL SPOOF, which attempts to save on my hard disk at

Path\Local Settings\Temporary Internet Files\Content.IE5\Random\tftfotw.blogspot[1].htm

That's bad. Should I report this here or at another forum? :x

Regards
Cheetah
Kind Regards,
Cheetah
The outcome of devotion is, quality!

Re: Sahir's Blogspot 12 years 10 months ago #2512

  • sahirh
  • Honored Member
  • Posts: 1700
  • Karma: 0
Cheetah, I'm afraid you've been misled. The link from firewall.cx leads just straight to my weblog at tftfotw.blogspot.com, it does not lead to any exploit.

The URL spoof exploit which I have demonstrated in one of the posts on my blog does nothing more than fake which site you think you're at (it will say www.google.com in the bar, but will take you to www.firewall.cx instead). There is no malicious content whatsoever.

Furthermore, judging by the URL you've given here, it looks like that is nothing but IE saving to the cache (Temporary Internet Files).

If I post any proof-of-concept exploits at my weblog, I always post source code rather than executables for precisely this reason -- I don't want someone to accidentally download and run some malicious binary.

The posts at my weblog are entirely independent of firewall.cx and nobody other than myself is responsible for them. That said, I can tell you that you've made a mistake.. neither firewall.cx nor tftfotw contain any malicious links.

I will be more than happy to confirm any doubts you have regarding my weblog, this site, or the security measures taken by both.
I will PM you my email address as I don't want the spam bots to pick it up here.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: Sahir's Blogspot 12 years 10 months ago #2519

  • Cheetah
  • Frequent Member
  • Posts: 72
  • Karma: 0
Hi Sahirh,

That was just a constructive criticism, immediately after the InterScan VirusWall/McAfee blocked these HTML pages directly as I visited the link from firewall.cx.

To verify I disabled the VirusWall to get the HTML for analysing, but the McAfee at client denied access for the local HTML file. The exploits from both were the same. :oops:

Please note that I didn't even visit any of your demos. :-) Also, to the Firewall.cx team, sorry for posting a 3rd party message here.

Please note only constructive criticism develops any person/org.

Regards
-Cheetah
Kind Regards,
Cheetah
The outcome of devotion is, quality!

Re: Sahir's Blogspot 12 years 10 months ago #2521

  • Chris
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Siva,

Personally I am convinced that your criticism was nothing but constructive and obviously Sahir saw it in that way. As Sahir noted, the material on his site is independent of Firewall.cx.

Sahir, in his good will, decided to demonstrate the URL spoof exploit in order to alarm our visitors and members, and considering his role as a Security Advisor, I'd say I'm glad he did so and I'm sure everyone else will agree to that!

With this chance, I'd like to note to everyone that our team consists of highly responsible professionals who have dedicated their time and effort to help everyone here and would never consider using any such exploits or threats against our members/visitors.

Thank you!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Sahir's Blogspot 12 years 10 months ago #2523

  • Cheetah
  • Frequent Member
  • Posts: 72
  • Karma: 0
Hi

Hey, I didn't see below the HTML page, because the pages were already blocked by VirusWall & McAfee before it reached me.

Firebird revealed Sahir's demo below in the page after disabling everything. :)

I am sorry because, I read about this back at


http://heise.de/security/dienste/browsercheck/demos/ie/e5_18.shtml

(sorry about the German) and was confused when Sahir's web page was blocked mentioning the exploit of URL Spoofing. :)

Regards
Cheetah
Kind Regards,
Cheetah
The outcome of devotion is, quality!

Re: Sahir's Blogspot 12 years 10 months ago #2525

  • tfs
  • Expert Member
  • Posts: 521
  • Karma: 0
As you obviously didn't get the whole page, it is reasonable that you would have concerns in your situation. I am sure Sahirh would like to know if somehow there was an inadvertent link that could cause anyone any harm.

With the climate these days of unscrupulous, unethical, unprincipled and immoral people in this world, it doesn't hurt to mention something that appears out of the ordinary and may be harmful.

We appreciate any warning of anything that could be harmful - to anyone.

Thanks.
Thanks,

Tom