It's a shampoo world anyway
 
Freitag, 12. Januar 2007


Anti DNS-pinning revisited

After discovering that accessing a closed port is sufficient to cause most web browsers to drop their DNS-pinning, Kanatoko Anvil worked further to refine my anti DNS-pinning technique: If a browser drops the pinned DNS mapping for a certain domain, it does not only affect JavaScript but also Flash objects. This way same-origin restriction for the low level socket functions of Action Script 3.0 can be circumvented, effectively allowing binary network connections with arbitrary hosts. Check out his demo. Now it seems only a matter of time until somebody ports Nmap to run in a Flash applet. Quite scary.

Update: Flash does not even pin DNS (!). All it takes is a short-lived DNS entry. It is still 1996 for Adobe.

 
online for 6728 Days
last updated: 09.04.14 16:14
status
Youre not logged in ... Login
menu
... home
... topics

... antville home

April 2020
MoDiMiDoFrSaSo
12345
6789101112
13141516171819
20212223242526
27282930
Juni
about:
the shampoo world is
the personal weblog of Martin Johns.
recent

xml version of this page

Made with Antville
powered by
Helma Object Publisher




...welcome to the long tail...