40  2887 
MikeB wrote:
"Dag Sunde" <me@dagsunde.co mwrote in message
news:46******** **************@ news.wineasy.se ...
>navti wrote:
>>>>
what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesnt
have to do anything to give up his data to a malicious website so why
are you denying it ?
Prove it!
Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!
Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...
I know, I know!
A troll!
What do I win!?
--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
On May 25, 12:34 pm, -Lost <maventheextraw o...@techie.com wrote:
MikeB wrote:
"Dag Sunde" <m...@dagsunde. comwrote in message
news:46******** **************@ news.wineasy.se ...
navti wrote:
>what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesnt
have to do anything to give up his data to a malicious website so why
are you denying it ?
Prove it!
Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!
Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...
I know, I know!
A troll!
What do I win!?
grow up will you.
i want to know how it was done.
i guess i will have to buy webattacker to find out.
navti wrote:
On May 25, 12:34 pm, -Lost <maventheextraw o...@techie.com wrote:
>MikeB wrote:
>>"Dag Sunde" <m...@dagsunde. comwrote in message
news:46****** *************** *@news.wineasy. se...
navti wrote:
what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesnt
have to do anything to give up his data to a malicious website so why
are you denying it ?
Prove it!
Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!
Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...
I know, I know!
A troll!
What do I win!?
grow up will you.
i want to know how it was done.
i guess i will have to buy webattacker to find out.
Don't even start with me. It just so happens I trashed a response to
you, basically stating this thread and your responses in it were crap.
And funny, one of the things in it was, "And if you're just fishing for
exploit code, you'd have much better luck Googling."
And for the record... no is denying what you are saying. What people
are denying is that you were running as secure as humanly possible
installation of Windows. It is evident by your browser hijacking
session that you were not operating under a secure premise. That says
something about you, not about anyone else in this thread.
You'll forgive us if we think you are troll. 8-|
--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
On 25 May, 17:54, -Lost <maventheextraw o...@techie.com wrote:
navti wrote:
On May 25, 12:34 pm, -Lost <maventheextraw o...@techie.com wrote:
MikeB wrote:
"Dag Sunde" <m...@dagsunde. comwrote in message
news:46****** *************** *@news.wineasy. se...
navti wrote:
what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesnt
have to do anything to give up his data to a malicious website so why
are you denying it ?
Prove it!
Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!
Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...
I know, I know!
A troll!
What do I win!?
grow up will you.
i want to know how it was done.
i guess i will have to buy webattacker to find out.
Don't even start with me.
start what ?
navti wrote:
On 25 May, 17:54, -Lost <maventheextraw o...@techie.com wrote:
>navti wrote:
>>On May 25, 12:34 pm, -Lost <maventheextraw o...@techie.com wrote:
MikeB wrote:
"Dag Sunde" <m...@dagsunde. comwrote in message
news:46**** *************** ***@news.wineas y.se...
>navti wrote:
>>what about drive by downloads where the client simply has to
>>visit a malicious web site to be compromised ? you know that
>>the client doesnt have to do anything to give up his data to a
>>malicio us website so why are you denying it ?
>Prove it!
>Prove it by posting a link to such a site, and I'll go there
>myself with all my different browsers to see if you are right!
Aren't you starting to get an image of a short squat fellow
domiciled beneath an over water conveyance structure...
I know, I know!
>>>A troll!
>>>What do I win!?
>>grow up will you.
>>i want to know how it was done.
>>i guess i will have to buy webattacker to find out.
Don't even start with me.
start what ?
Trolling...
You won't hear more from me either.
--
Dag.
navti wrote:
On May 25, 5:13 am, Andrew Thompson <andrewtho...@g mail.comwrote:
>On May 25, 7:39 am, navti <nav...@gmail.c omwrote:
>>On May 24, 10:16 pm, -Lost <maventheextraw o...@techie.com wrote:navti wrote:
it all happened automatically without any intervention. i was using
win2k and ie6 at the time. i have since switched to mac os x.
...
>> if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
{ ExploitNumber=1 ; }
else // if JVM = 5.0.3810.0 or higher
The (dreaded) MSVM.
If this script found a 3809 or previous build MSVM, it
might have taken advantage (using a Java applet) of any
number of security holes in those Microsoft VM's.[snip]
he stole my files . i know this for a fact.
why would you think it was otherwise ? have you been living down a
mineshaft for the past 5 years ? never heard of xss ? are you in some
sort of state of denial ?
only an ignoramus would try and deny it was possible for a webserver
to compromise a client's machine.
my mistake is thinking javascript was enough . obviously it was a
combination of javascript, java, activex , php , xml etc etc
It looks to me - and I could be wrong - that it pushes a buffer overflow
to the browser to start existing code. I'd have to pull it to bits to be
sure what its doing, but it seems it is using Javascript to build a page
existing code can read so that it knows what exploit to run.
If that's right - and as I say, it may not be - then it means that you
would have earlier agreed to let that code onto your machine either
explicitly or by having very low security settings on your browser. Low
enough that it can pretty much only be IE. It then exploits existing
software on your machine, such as Norton, McAfee and the old MS JVM
apparently.
Though I agree with the others so far, unlike them, I do think that once
it has got that far, it is quite possible to steal your files. I'd need
to see the code it on your system, but this kind of apparent "drive by"
as you call it is not really what you think. Its a double-attack; you
get apparently "safe" code on your system, later on you start it from a
site that doesn't carry any invasive code - in this case, a bit of
Javascript.
At that point, the code sitting quietly on your machine leaps into
action, does its thing and shuts up. Its a trojan, pure and simple. The
Javascript just exploits IE to start the trojan and it is the trojan,
not the Javascript, that does the damage. WIth luck, the person that
gets hit is daft enough to think its that one website that causes the
problem, so doesn't realise the *real* problem is still sat on his
computer - the trojan.
On May 25, 5:02 pm, navti <nav...@gmail.c omwrote:
On May 25, 5:13 am, Andrew Thompson <andrewtho...@g mail.comwrote:
On May 25, 7:39 am, navti <nav...@gmail.c omwrote:
On May 24, 10:16 pm, -Lost <maventheextraw o...@techie.com wrote:navti wrote:
it all happened automatically without any intervention. i was using
win2k and ie6 at the time.
....
If this script found a 3809 or previous build MSVM, it
might have taken advantage (using a Javaapplet) of any
number of security holes in those Microsoft VM's. Even
the 3810 build has existing security issues that will
never be fixed.
....
he stole my files . i know this for a fact.
why would you think it was otherwise ?
Who? I specifically stated (requoting)
If this script found a 3809 or previous build MSVM, it
might have taken advantage (using a Java applet) of any
number of security holes in those Microsoft VM's. ...
>...have you been living down a
mineshaft for the past 5 years ? never heard of xss ? are you in some
sort of state of denial ?
See above 'it is possibe'.
only an ignoramus would try and deny it was possible for a webserver
to compromise a client's machine.
Only an ignoramus would quote and comment on replies
they had apparently not read, or not understood. Try
not being an ingoramus, next time.
Andrew T.
navti wrote:
On May 25, 11:20 am, "rf" <r...@invalid.c omwrote:
>If your system is so insecure that this can happen then you should unplug
your system from the internet. It's unsafe.
i did, it was called windows and i replaced it with a secure system
called os x,
OS X is not inherently any more secure than Win XP. It is simply that
hackers spend far more of their time trying to break into Windows than
other platforms.
On Tue, 29 May 2007 09:56:14 -0400, Christopher Barber wrote:
navti wrote:
>On May 25, 11:20 am, "rf" <r...@invalid.c omwrote:
>>If your system is so insecure that this can happen then you should
unplug your system from the internet. It's unsafe.
i did, it was called windows and i replaced it with a secure system
called os x,
OS X is not inherently any more secure than Win XP. It is simply that
hackers spend far more of their time trying to break into Windows than
other platforms.
....and if people keep saying that enough it will some day become true?
People spend more time writing malicious code for Windows than any other
OS because any idiot can write a debilitating virus or worm for Windows.
So much so that a few of the most destructive worms written for Windows
were accidentally as destructive as they turned out to be. (see: iloveyou
virus... which wasn't a virus.)
The current security hole in Open Office is the closest thing there's ever
been to an ease of use windows exploit. But I have no doubt that hole will
be closed before there's ever an exploit in the wild.
Ivan Marsh wrote:
On Tue, 29 May 2007 09:56:14 -0400, Christopher Barber wrote:
>navti wrote:
>>On May 25, 11:20 am, "rf" <r...@invalid.c omwrote:
If your system is so insecure that this can happen then you should
unplug your system from the internet. It's unsafe.
i did, it was called windows and i replaced it with a secure system
called os x,
OS X is not inherently any more secure than Win XP. It is simply that
hackers spend far more of their time trying to break into Windows than
other platforms.
...and if people keep saying that enough it will some day become true?
People spend more time writing malicious code for Windows than any other
OS because any idiot can write a debilitating virus or worm for Windows.
So much so that a few of the most destructive worms written for Windows
were accidentally as destructive as they turned out to be. (see: iloveyou
virus... which wasn't a virus.)
The current security hole in Open Office is the closest thing there's ever
been to an ease of use windows exploit. But I have no doubt that hole will
be closed before there's ever an exploit in the wild.
Which version and where is it already listed as an exploit?
--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: CHIN |
last post by:
Hi all.. here s my problem ( maybe some of you saw me on other groups, but i
cant find the solution !! )
I have to upload a file to an external site, so, i made a .vbs file , that
logins to the site, and then i have to select the file to upload.. i used
sendkeys.. and i worked perfect.. BUT ... the computer must be locked for
security ( obviusly ) reazons.. so..i think this probable solutions to
unlock the computer and run the...
|
by: DavidNorep |
last post by:
I do not know PHP, consider to write a CGI with this technology and
have the following question.
Is it possible to invoke a PHP script and let it endlessly wait for
requests from a website (a Java applet in my case) and serve the
requests when they arrive? I want to avoid loading the script for each
request.
In other words, can it function, in this sense, like a Java servlet?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
