It's a shampoo world anyway
 
Montag, 19. Februar 2007


LocalRodeo - Client-side protection against JavaScript Malware

After contributing to show how to break things, it is about time to start fixing things: Justus Winter and I are happy to present the first (beta) version of LocalRodeo, a Firefox extension that aims to protect against attacks which lately have been summarized under the term JavaScript Malware.

LocalRodeo specifically counters two attack vectors:

  • Intranet Exploration (i.e. JavaScript portscanning and fingerprinting): The extension classifies all network locations to be either local or external, with local locations being part of the intranet. All http requests that have an external origin (i.e. were generated within the execution context of an external webpage) and a local target (i.e. an intranet resource) are canceled by LocalRodeo.
  • Anti DNS-Pinning: LocalRodeo detects this attack method by monitoring DNS answers. The switch of a given domain from external to local (or vice versa) is a clear indication of an anti-pinning attack. If such a switch is detected, all further requests from or to the malicious domain are prohibbited.

If you feel like it, please take the extension for a testdrive and let us know if anything went wrong. Enjoy.

Due to problems at my provider, the LocalRodeo webpage can't be reached temporarily. I hope that problem will we solved in the next hours. Here is an replacement site. (problem solved)

... Link


 
online for 8425 Days
last updated: 09.04.14, 16:14
status
Youre not logged in ... Login
menu
... home
... topics

... antville home

Februar 2007
So.Mo.Di.Mi.Do.Fr.Sa.
123
45678910
11121314151617
18192021222324
25262728
JanuarMärz
about:
the shampoo world is
the personal weblog of Martin Johns.
recent

xml version of this page

Made with Antville
powered by
Helma Object Publisher




...welcome to the long tail...