Neil's News

Security Lecture

9 December 2005

I just had the pleasure of giving a lecture on Internet security at a local high school. Over the years I've learned enough things the hard way that I figured I had a few tips to offer. The class was most impressive: they discovered the content hijacking exploit within 90 seconds of being told to hunt for "something unexpected" in a search form. It was wonderful to be in a room full of people eager to explore. The impromptu penetration testing of their websites was also quite enjoyable (ooh, I can execute arbitrary SQL statements).

While preparing for the lecture I discovered that the earlier content hijacking exploit is much more serious than I first thought. Imagine an evil website which contains 1x1 iframes at the bottom of the page. These iframes quietly load a hijacked page on vulnerable sites. The JavaScript on this page now has access to read (or write) cookies on the vulnerable site's domain, and post this data back to the cracker. The hijacked page could also recreate the login forms on the vulnerable site, then JavaScript could wait a few seconds in the hopes that the browser will auto-complete the input boxes, before posting the data back to the cracker. Nasty.
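The two server-side measures that blunt the scenario above are escaping whatever a search form echoes back into the page and keeping the session cookie out of reach of page script. The following is an added example, not code from the original post; the handler names and the `session` cookie name are assumptions, and the sample search string is constructed for the test.

```python
import html
from http.cookies import SimpleCookie


def render_search_results_unsafe(query: str) -> str:
    """The pattern that invites content hijacking: the search term is
    pasted straight into the HTML, so any markup it contains becomes
    part of the page and runs with the site's cookies in scope."""
    return f"<h1>Results for: {query}</h1>"


def render_search_results(query: str) -> str:
    """Hardened version: the term is HTML-escaped, so tags and quotes in
    the search string are displayed as text rather than interpreted."""
    safe = html.escape(query, quote=True)
    return f"<h1>Results for: {safe}</h1>"


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie value for the session cookie.
    HttpOnly keeps the value out of document.cookie, so script that ends
    up in the page cannot read or post it; Secure keeps it off plain HTTP."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


def login_form_html() -> str:
    """Login form with autocomplete disabled, so a browser will not
    pre-fill credentials into a copy of this form that script injected."""
    return (
        '<form method="post" action="/login" autocomplete="off">'
        '<input name="user">'
        '<input name="pass" type="password">'
        "</form>"
    )


if __name__ == "__main__":
    probe = '<script>alert("x")</script>'  # constructed sample search term
    print(render_search_results_unsafe(probe))
    print(render_search_results(probe))
    print("Set-Cookie:", session_cookie_header("EXAMPLE-SESSION-ID"))
```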
