ATTENTION ALL FREEPERS: Ten Types Of Web Attacks (Requires Flash)

Sanctum, Inc. ^ | Unknown | Sanctum

[rdb3]

Be advised. This will show you some nefarious things that can happen to your system. You're all reading this online so, yes, it affects you.

Please read, then act accordingly.

Click here. This is not a joke.

You'll now be returned to your regular programming.

A.K.A. Sleepy Brown

[rdb3]

*

[EdReform]

BTTT for later...

[the_Watchman]

I specifically do NOT go to sites like this!

Doesn't anyone remember "Men in Black"? Would you have looked into the end of their pen for the answers to your problems? :)

[FreeperinRATcage]

Advertising?

[ThePythonicCow]

For those without flash (such as myself on my usual system), this is a 30 odd slide presentation by a company called Sanctum, motivating the sale of two products called AppShield and AppScan, to be used by public, typically commercial (that's where the money is) websites.

The ten types of Web Application Perversion listed are:

• Hidden manipulation
• Cookie poisoning
• Backdoor & debug options
• Buffer overflow
• Stealth commanding
• 3rd party misconfiguration
• Known vulnerabilities
• Parameter tampering
• Cross site scripting
• Forceful browsing

Each one is explained in two or three slides, explaining how a hacker can deface reputation and steal customer information and money.

Another page describes their product line and business:

---

http://www.sanctuminc.com/solutions/index.html

Hackers are becoming more and more sophisticated every day, making it increasingly difficult to protect the integrity of your applications and the valuable information they safeguard. Protecting these applications by manually patching or upgrading is a strategy that will fail you - sooner or later. Today, Web application security must be built in from the ground up - driven throughout the application lifecycle from development, to quality testing, to deployment and maintenance. Sanctum is the recognized leader in Web application security across the Development Lifecycle with the online and offline solutions that work autonomously and continuously to deliver:

• Reliability: Create 'hacker resistant' applications in the development environment
• Assurance: Test quality in the QA/staging environment
• Validation: Enforce security and compliance through audits
• Confidence: Maintain confidence in the live/production environment
Sanctum's solutions complete eBusinesses' security infrastructure, assure regulatory compliance, and create sustainable ROI.

---

Almost makes me want to go back to banking and shopping in person, instead of on-line.

[ThePythonicCow]

Advertising?

Yup - likely this entire thread should be nuked.

[rdb3]

Yup - likely this entire thread should be nuked.

This is NOT advertising!

I'm a Security Analyst now, and I ran across this while working at the end of the day. I wasn't more descriptive in my first post because I was in a rush.

I wanted to pass along some information so people here will be careful as to what sites with which they do e-business.

That's my only intention.

If the Admin wants to nuke it, fine. But I ain't advertising for anyone.

A.K.A. Sleepy Brown

[ThePythonicCow]

This is NOT advertising!

Yes - I trust that you were offering this as information, not out of profit motive.

Though I also trust that the company that prepared this flash demo (Sanctum?) was doing so out of direct profit motive.

And this information really doesn't help us end users much, other than to fear all web sites that collect more than a fake login id from us. Except for a very few of us, such as yourself rdb3 perhaps, the rest of us are in no position to evaluate the security of each website we visit. Nor are we in a position to purchase these products and improve that security any.

[GaltMeister]

I vote leave it up - this is some real good info - commercial website or not - to show you how vulnerable some of these web apps can make you and your personal info.

[SledgeCS]

Oh here is a link to the description to the garbage that infected my system last week..

http://www.scumware.com/apps/scumware.php/action::view_article/article_id::1075329940/topic::Scumware,-Spyware,-Adware-&-Malware-Applications/

I believe I was the test victim of a new version as it tore up some system files and I had to completely wipe every HD in the house to prevent re-infestation...

The a-Hole that wrote that needs to die a very slow and painful death.

SledgeCS

[scripter]

I vote leave it up

I'm with you. This is one of the reasons I'm on rdb3's ping list..

[SledgeCS]

Opps messed that post up...

here is the link...

CWS Scumware

SledgeCS

[ThePythonicCow]

this is some real good info

True, though clearly presented with a bias toward generating fear, uncertainty and doubt.

[chainsaw]

Just wondering what kind of cookie this site put out. I turned my cookies off and could'nt log on.

[ThePythonicCow]

Yes - this site requires cookies to be logged on.

So?

The sorts of security hacks described in the Flash show to which rdb3 linked can cause serious loss of money or privacy.

Cookies are not necessarily a problem. Unless FR is encoding something in them that shouldn't be there, then about all the cookie shows is that you're a freeper.

For example, my freerepublic cookie right now shows:

• .freerepublic.com
• 46394%3AcVhkAeeu73kjn6e1HSdO9Q%3A1
• FOCUS
• Wednesday, December 31, 2008 10:29:03 PM

Sure doesn't look like anything I'm trying to keep secret.

[netmilsmom]

Thanks!
I passed it on to my computer dude hubby!

[gitmo]

Thanks.

[antiRepublicrat]

Except for a very few of us, such as yourself rdb3 perhaps, the rest of us are in no position to evaluate the security of each website we visit.

Or it's a good way to lower the price of something you're buying. I was on a list a long time ago with a guy who claimed to have done this. He got blasted for it, but it was a good lesson to us developers not to rely on security through obscurity.

Hidden fields and ROT13 on the cookies. What a laugh!

[antiRepublicrat]

46394%3AcVhkAeeu73kjn6e1HSdO9Q%3A1

Let's look at that. It's 32 characters long when you consider the %3s are likely the encodings of unused ISO-8859-1 characters. That would be Md4 or MD5 hash, except for the % and the use of capital letters, which rules them out. But in that cookie and mine I notice we have a trend of a certain amount of numbers, then a "%3" then some more characters mainly letters, then "%3A1" So it's not likely a pure hash (like a hash of the user name, which would be really stupid). Looking at the address bar when posting, "%2" is used as a delimiter between the thread number and the comment number you're replying to, so it's likely in that programming style that the "%3" is also a delimiter within the cookie.

That's a reverse engineering starting point, which we could do something with, especially if we had more cookies to look at.

I'm not advocating hacking FR, just showing how easy it is to get started on hacking a site just by looking at what's in front of you. Hopefully Jim programmed the cookie so that efforts don't get much farther than I've gone in a couple of minutes.