Why every email is important
At first glance, it looked to be the same as any one of a thousand other e-mails.
The following is from an e-mail that was forwarded to us because delivery to the original recipient bounced:
<snip>
I just wanted to make sure you know that currently most (or all) of the images and navigation on Bastille-linux.org are broken. I appreciate the project and all you do for the info sec community. If there is something I can do for you please let me know.
</snip>
We always get reports of sites that are down or somehow "wrong". Quite often it's a localized routing problem, other times a browser rendering issue; when we get a report of a site being down, more often than not there is no malicious activity behind it.
Not this time.
After an investigation by ISC Handlers Don Smith and Joel Esler, together with site owner Jay Beale, Jay issued a statement here that began:
"Dear Bastille Linux Users, On the morning of September 11th, 2007, alerted by handlers from the Internet Storm Center, I learned that one Mykhaylo Perebiynis purchased our Bastille Linux domain and is demanding $10,000 to return it to the project. He appears to be in business as a domain squatter."
Please make sure you read the full text of Jay's announcement which includes the PGP fingerprint for the key he will be using to sign any downloads and critical e-mail announcements going forward.
At SANSFIRE this year, one comment during the Handlers forum panel discussion came from a reader who was concerned about sending in reports that turn out to be incorrect (because of a routing problem, a browser issue, user error ...) and thereby "bothering us".
Don't be.
This is a perfect example of how something you might think we consider "routine" and unimportant turns out to be (for Jay) a major event.
In incident handling, the sooner the compromise is detected, the sooner it can be contained, eradicated and recovered from.
This time, the issue is relatively limited. Next time ...
And in case you're curious, the publicly available WHOIS information for the current (not Jay Beale) domain owner is available here
XSIO: Cross Site Image Overlaying
I found a new paper on a vulnerability called XSIO. XSIO stands for "Cross Site Image Overlaying" and is essentially XSS without the scripting: instead of injecting script, the attacker injects a reference to an image and uses CSS positioning to lay it over an important part of the website (a login form, for example). The injection point is the same as for XSS: untrusted input that ends up in the page's HTML without being encoded.
I've seen images used in the past to convince e.g. managers of the need to fix XSS vulnerabilities. It is hard to explain how bad XSS is without going into some level of technical detail; it is far simpler to grasp the impact of an "inappropriate" image on the company's website than to understand how a vulnerability in the website causes its visitors to be exploited via XSS.
The defense is the same as with XSS: validate input and, above all, encode output for the context it is written into. Echoing user input back into a page unencoded is asking for trouble, and a filter that only looks for <script> tags does nothing against XSIO, since the payload contains no script at all.
--
Swa Frantzen -- NET2S