It's a shampoo world anyway
 
Freitag, 12. Januar 2007


Anti DNS-pinning revisited

After discovering that accessing a closed port is sufficient to cause most web browsers to drop their DNS-pinning, Kanatoko Anvil worked further to refine my anti DNS-pinning technique: If a browser drops the pinned DNS mapping for a certain domain, it does not only affect JavaScript but also Flash objects. This way same-origin restriction for the low level socket functions of Action Script 3.0 can be circumvented, effectively allowing binary network connections with arbitrary hosts. Check out his demo. Now it seems only a matter of time until somebody ports Nmap to run in a Flash applet. Quite scary.

Update: Flash does not even pin DNS (!). All it takes is a short-lived DNS entry. It is still 1996 for Adobe.

 
online for 6288 Days
last updated: 09.04.14 16:14
status
Youre not logged in ... Login
menu
... home
... topics

... antville home

Januar 2019
MoDiMiDoFrSaSo
123456
78910111213
14151617181920
21222324252627
28293031
Juni
about:
the shampoo world is
the personal weblog of Martin Johns.
recent

xml version of this page

Made with Antville
powered by
Helma Object Publisher




...welcome to the long tail...