[Full-disclosure] Dark side of bookmarks
Memisyazici, Aras
arasm at vt.edu
Mon Nov 2 13:51:32 GMT 2009
MustLive:
I really don't want to start a flame-war nor am I trying to belittle you or your work but...
Your "article", unless I misunderstood, is useless. To explain further, your article lacks substance. For instance you state: "could be used in DoS attack for browsers" yet you provide no working PoC/example(s)
What about mitigation? What about prevention?
No offense but scare-tactics don't help ANYBODY... As a sysadmin, I would've appreciated some more details or at least some answers to my questions above! :)
In any case, thank you for putting together such an entry and look forward to your continued, hopefully improved research results!
Sincerely,
Aras 'Russ' Memisyazici
Systems Administrator
Virginia Tech
----------------------------------------------------------------------
Date: Sat, 31 Oct 2009 23:24:50 +0200
From: "MustLive" <mustlive at websecurity.com.ua>
Subject: [Full-disclosure] Dark side of bookmarks
To: <full-disclosure at lists.grok.org.uk>
Hello participants of Full-Disclosure!
After my articles about different attacks via redirectors - Redirectors: the
phantom menace (http://websecurity.com.ua/3495/) and Attacks via closed
redirectors (http://websecurity.com.ua/3531/), here is my new article. This
time about attacks via bookmarks. In article Dark side of bookmarks
(http://websecurity.com.ua/3643/) I'll tell you about risks of bookmarks in
browsers.
There are possible next attacks via bookmarks:
1. Spam.
2. Phishing.
3. Malware spreading.
4. DoS attacks.
You can read the article Dark side of bookmarks at my site:
http://websecurity.com.ua/3643/
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
------------------------------
Full-Disclosure is hosted and sponsored by Secunia.