ATTENTION ALL FREEPERS: Ten Types Of Web Attacks (Requires Flash)
Sanctum, Inc. | Unknown | Sanctum
Posted on 04/19/2004 3:15:17 PM PDT by rdb3
Be advised. This will show you some nefarious things that can happen to your system. You're all reading this online so, yes, it affects you. Please read, then act accordingly.
Click here. This is not a joke.
You'll now be returned to your regular programming.

A.K.A. Sleepy Brown
TOPICS: Business/Economy; Crime/Corruption; Culture/Society; Technical
KEYWORDS: bank; cookies; encryption; hackers; webperversion
1 posted on 04/19/2004 3:15:17 PM PDT by rdb3
To: Jim Robinson; John Robinson; B Knotts; stainlessbanner; TechJunkYard; ShadowAce; Knitebane; ...
2 posted on 04/19/2004 3:16:15 PM PDT by rdb3 (Let others praise ancient times; I am glad I was born in these.)
To: rdb3
BTTT for later...
3 posted on 04/19/2004 3:20:33 PM PDT by EdReform
To: rdb3
I specifically do NOT go to sites like this!
Doesn't anyone remember "Men in Black"? Would you have looked into the end of their pen for the answers to your problems? :)
To: rdb3; Admin Moderator
Advertising?
5 posted on 04/19/2004 3:47:00 PM PDT by FreeperinRATcage (I am free because I know that I alone am morally responsible for every thing I do. - R. A. Heinlein)
To: rdb3
For those without flash (such as myself on my usual system), this is a 30 odd slide presentation by a company called Sanctum, motivating the sale of two products called AppShield and AppScan, to be used by public, typically commercial (that's where the money is) websites.
The ten types of Web Application Perversion listed are:
- Hidden manipulation
- Cookie poisoning
- Backdoor & debug options
- Buffer overflow
- Stealth commanding
- 3rd party misconfiguration
- Known vulnerabilities
- Parameter tampering
- Cross site scripting
- Forceful browsing
Each one is explained in two or three slides, explaining how a hacker can deface reputation and steal customer information and money.
Another page describes their product line and business:
http://www.sanctuminc.com/solutions/index.html
"Hackers are becoming more and more sophisticated every day, making it increasingly difficult to protect the integrity of your applications and the valuable information they safeguard. Protecting these applications by manually patching or upgrading is a strategy that will fail you - sooner or later. Today, Web application security must be built in from the ground up - driven throughout the application lifecycle from development, to quality testing, to deployment and maintenance. Sanctum is the recognized leader in Web application security across the Development Lifecycle with the online and offline solutions that work autonomously and continuously to deliver:
- Reliability: Create 'hacker resistant' applications in the development environment
- Assurance: Test quality in the QA/staging environment
- Validation: Enforce security and compliance through audits
- Confidence: Maintain confidence in the live/production environment
Sanctum's solutions complete eBusinesses' security infrastructure, assure regulatory compliance, and create sustainable ROI."
Almost makes me want to go back to banking and shopping in person, instead of on-line.
6 posted on 04/19/2004 3:47:31 PM PDT by ThePythonicCow (Defeat J Frondeur Kerry)
To: FreeperinRATcage; rdb3; Admin Moderator
Yup - likely this entire thread should be nuked.
7 posted on 04/19/2004 3:49:35 PM PDT by ThePythonicCow (Defeat J Frondeur Kerry)
To: ThePythonicCow; Admin Moderator
"Yup - likely this entire thread should be nuked."
This is NOT advertising!
I'm a Security Analyst now, and I ran across this while working at the end of the day. I wasn't more descriptive in my first post because I was in a rush.
I wanted to pass along some information so people here will be careful as to what sites with which they do e-business.
That's my only intention.
If the Admin wants to nuke it, fine. But I ain't advertising for anyone.

A.K.A. Sleepy Brown
8 posted on 04/19/2004 3:55:40 PM PDT by rdb3 (Let others praise ancient times; I am glad I was born in these.)
To: rdb3
Yes - I trust that you were offering this as information, not out of profit motive.
Though I also trust that the company that prepared this flash demo (Sanctum?) was doing so out of direct profit motive.
And this information really doesn't help us end users much, other than to fear all web sites that collect more than a fake login id from us. Except for a very few of us, such as yourself rdb3 perhaps, the rest of us are in no position to evaluate the security of each website we visit. Nor are we in a position to purchase these products and improve that security any.
9 posted on 04/19/2004 4:02:04 PM PDT by ThePythonicCow (Defeat J Frondeur Kerry)
To: rdb3; Admin Moderator
I vote leave it up - this is some real good info - commercial website or not - to show you how vulnerable some of these web apps can make you and your personal info.
To: rdb3
Oh, here is a link to the description of the garbage that infected my system last week..
http://www.scumware.com/apps/scumware.php/action::view_article/article_id::1075329940/topic::Scumware,-Spyware,-Adware-&-Malware-Applications/
I believe I was the test victim of a new version as it tore up some system files and I had to completely wipe every HD in the house to prevent re-infestation...
The a-Hole that wrote that needs to die a very slow and painful death.
SledgeCS
11 posted on 04/19/2004 4:10:48 PM PDT by SledgeCS (If you call me a European-American, get ready for a fight over that INSULT...)
To: GaltMeister; rdb3
"I vote leave it up"
I'm with you. This is one of the reasons I'm on rdb3's ping list..
12 posted on 04/19/2004 4:12:58 PM PDT by scripter (Thousands have left the homosexual lifestyle)
To: SledgeCS
Oops, messed that post up...
here is the link...
CWS Scumware
SledgeCS
13 posted on 04/19/2004 4:20:24 PM PDT by SledgeCS (If you call me a European-American, get ready for a fight over that INSULT...)
To: GaltMeister
"this is some real good info"
True, though clearly presented with a bias toward generating fear, uncertainty and doubt.
14 posted on 04/19/2004 4:35:28 PM PDT by ThePythonicCow (Defeat J Frondeur Kerry)
To: ThePythonicCow
Just wondering what kind of cookie this site put out. I turned my cookies off and couldn't log on.
15 posted on 04/19/2004 4:37:48 PM PDT by chainsaw (http://www.hanoijohnkerry.org.)
To: chainsaw
Yes - this site requires cookies to be logged on.
So?
The sorts of security hacks described in the Flash show to which rdb3 linked can cause serious loss of money or privacy.
Cookies are not necessarily a problem. Unless FR is encoding something in them that shouldn't be there, then about all the cookie shows is that you're a freeper.
For example, my freerepublic cookie right now shows:
- .freerepublic.com
- 46394%3AcVhkAeeu73kjn6e1HSdO9Q%3A1
- FOCUS
- Wednesday, December 31, 2008 10:29:03 PM
Sure doesn't look like anything I'm trying to keep secret.
16 posted on 04/19/2004 4:57:51 PM PDT by ThePythonicCow (Defeat J Frondeur Kerry)
To: rdb3
Thanks!
I passed it on to my computer dude hubby!
17 posted on 04/19/2004 5:07:49 PM PDT by netmilsmom (Laz, where are you? Are you ok?)
To: ThePythonicCow
Thanks.
18 posted on 04/19/2004 5:19:44 PM PDT by gitmo (Thanks, Mel. I needed that.)
To: ThePythonicCow
"Except for a very few of us, such as yourself rdb3 perhaps, the rest of us are in no position to evaluate the security of each website we visit."
Or it's a good way to lower the price of something you're buying. I was on a list a long time ago with a guy who claimed to have done this. He got blasted for it, but it was a good lesson to us developers not to rely on security through obscurity.
Hidden fields and ROT13 on the cookies. What a laugh!
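As an added illustration, not from the Sanctum slides or anyone in this thread, of why ROT13 on a hidden field or cookie is no defense against the "hidden manipulation" and "cookie poisoning" items in the list above, and how a keyed MAC makes tampering detectable. The server secret and the price field are constructed for the example; a real application would also keep the price server-side rather than trusting any client-supplied copy.

```python
import base64
import codecs
import hashlib
import hmac

# Constructed demo secret; a real deployment loads this from a secret store.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def rot13_encode(value: str) -> str:
    """The 'obscurity' scheme mocked in the post: anyone can reverse it."""
    return codecs.encode(value, "rot13")


def rot13_decode(token: str) -> str:
    return codecs.decode(token, "rot13")


def sign_value(value: str, secret: bytes = SERVER_SECRET) -> str:
    """Return value + '.' + base64url(HMAC-SHA256(value)) as a tamper-evident token."""
    mac = hmac.new(secret, value.encode(), hashlib.sha256).digest()
    return value + "." + base64.urlsafe_b64encode(mac).decode().rstrip("=")


def verify_value(token: str, secret: bytes = SERVER_SECRET):
    """Return the original value if the MAC matches, otherwise None."""
    value, sep, _tag = token.rpartition(".")
    if not sep:
        return None
    expected = sign_value(value, secret)
    # Constant-time comparison so the check leaks nothing about the tag.
    return value if hmac.compare_digest(expected, token) else None


def demo_tampering():
    """Show the same price edit against an obscured field and a signed one."""
    # Obscured hidden field: decode, change 49.99 to 0.99, re-encode; server accepts it.
    obscured = rot13_encode("price=49.99")
    tampered = rot13_encode(rot13_decode(obscured).replace("49.99", "0.99"))
    accepted_obscured = rot13_decode(tampered)
    # Signed field: the same edit no longer matches the MAC; server rejects it.
    signed = sign_value("price=49.99")
    forged = signed.replace("49.99", "0.99")
    return accepted_obscured, verify_value(signed), verify_value(forged)


if __name__ == "__main__":
    print(demo_tampering())  # ('price=0.99', 'price=49.99', None)
```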
To: ThePythonicCow
"46394%3AcVhkAeeu73kjn6e1HSdO9Q%3A1"
Let's look at that. It's 32 characters long when you consider the %3s are likely the encodings of unused ISO-8859-1 characters. That would be MD4 or MD5 hash, except for the % and the use of capital letters, which rules them out. But in that cookie and mine I notice we have a trend of a certain amount of numbers, then a "%3", then some more characters, mainly letters, then "%3A1". So it's not likely a pure hash (like a hash of the user name, which would be really stupid). Looking at the address bar when posting, "%2" is used as a delimiter between the thread number and the comment number you're replying to, so it's likely in that programming style that the "%3" is also a delimiter within the cookie.
That's a reverse engineering starting point, which we could do something with, especially if we had more cookies to look at.
I'm not advocating hacking FR, just showing how easy it is to get started on hacking a site just by looking at what's in front of you. Hopefully Jim programmed the cookie so that efforts don't get much farther than I've gone in a couple of minutes.