Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: https MITM attack via user page
Special Forums Cybersecurity https MITM attack via user page Post 302527646 by GSO on Saturday 4th of June 2011 04:43:13 AM
Old 06-04-2011
I'm taking the opportunity to make a quick test post (experimenting with browsers - I am always without fail hacked on this page!) while bringing this log up to date. I've taken the problem over to a thread on the Fedora SELInux forum which can be found here:

mouse pointer stuck in browser sandbox window

I also moved from SL6 over to Fedora 15 to try a current browser version out (SL6 is still using FF 3.X releases). The same bugs result though.

In a nutshell, with an install that should not have (at least in theory) been breached by an attacker gaining direct access to the keyboard, hackers can still hack the browser (running in a SELInux sandbox) -- but they don't seem to be able to hack the webpages so the encrypted VPN connection seems to be holding out - it is hacks like locking the mouse in the sandbox window, and crashing flash, that are getting through (I am fairly well sure at this stage that these are hacks).
Last edited by GSO; 06-19-2011 at 09:31 AM..
 

5 More Discussions You Might Find Interesting

1. Web Development

HTTPS-Home Page issue.

Hi Folks, This might be a very question,but i have not been able to find the solution. While accessing http://16.138.32.128/ in my LAN, i am able to read the index.html placed in DocumentRoot(/var/www/html). However if i tab in https://xx.xx.xx.xx/ ,i am only able to access the default... (0 Replies)
Discussion started by: Hari_Ganesh
0 Replies

2. What is on Your Mind?

Fedora Man Pages Reported Attack Page?

Is firefox complaining to anyone else that this is a Reported Attack Page!? I have used this site a million times and now it feels like complaining. Fedora Manpages: Home (5 Replies)
Discussion started by: cokedude
5 Replies

3. Shell Programming and Scripting

help pulling ${VARS} out of a web page user curl

Here is the code I have so far #!/bin/bash INFOF="/tmp/mac.info" curl --silent http://www.everymac.com/systems/apple/macbook_pro/specs/macbook-pro-core-2-duo-2.8-aluminum-17-mid-2009-unibody-specs.html "$INFOF" I want help putting these specs into a vars Standard Ram: value into $VAR1... (1 Reply)
Discussion started by: briandanielz
1 Replies

4. UNIX for Dummies Questions & Answers

How to switch the user before executing a shell script from web page??

hi, i want to execute a shell script as a different user. the flow is like this. there is a html web page from which i have to call a shell script. web server is apache. to call the shell script from html page, a perl script is required. so the html page calls the perl script and the perl... (2 Replies)
Discussion started by: Little
2 Replies

5. Solaris

Need suggestion:- Failed HTTPS transfer to https://supportfiles.sun.com/curl

Hi Guys, I have recently started reciving below Error message Failed HTTPS transfer to https://supportfiles.sun.com/curl whenever I run /usr/local/bin/sudo /opt/SUNWexplo/bin/explorer -P -q -v from all Servers. Looks like the SSL certificate as Expired. Whenever I type... (4 Replies)
Discussion started by: manalisharmabe
4 Replies

LEARN ABOUT DEBIAN

dpkg-www

DPKG-WWW(1)						      General Commands Manual						       DPKG-WWW(1)

NAME

       dpkg-www - program to remotely open a WWW Debian package browser

SYNOPSIS

       dpkg-www [-s|--stdout] [-h|--host host] [query]

DESCRIPTION

       dpkg-www is used to remotely control a WEB browser and open a dpkg URL on the local host from an interactive shell or script.

       If  the	command  is invoked while running under X-window the script will try to find an installed X browser to open the specified URL.	If
       not running under X it will try to use a text browser instead.

       If Netscape is found and a Netscape instance is already running it will be asked to open the dpkg URL on localhost with the optional  query
       supplied on the command line.  If there is no browser running, it will start automatically a new one.

       The  functionality  provided  by this program is identical to running a web browser with the -remote openURL(http://localhost/cgi-bin/dpkg)
       argument or opening the same URL from within the browser.

       dpkg-www-installer is an helper application which can configured in the WWW browser for	web  installation.  It	should	never  be  invoked
       directly by the user.

OPTIONS

       -s, --stdout
	      Redirect output to stdout. Requires one of the text browsers (lynx, lynx-ssl or links) installed.

       -h, --host host
	      Send the query to a remote host, where dpkg-www must be installed.

       query  Specifies  an  optional  package name, an absolute pathname or a query argument which is passed to the dpkg cgi-bin. See dpkg-www(8)
	      for more information about the use of the cgi.

FILES

       /etc/dpkg-www.conf

       ~/.dpkg-www
	      Configuration files for dpkg-www. It is not necessary for these files to exist, there are sensible defaults for everything, but  you
	      can specify your preferred www browser with the DPKG_WWW_BROWSER variable, for example: DPKG_WWW_BROWSER=mozilla

EXAMPLES

       dpkg-www
	      This would open a dpkg URL on localhost listing all the installed packages.

       dpkg-www bash
	      This would open a dpkg URL asking info on the bash package.

       dpkg-www -h pisolo bash
	      This would open a dpkg URL asking info on the bash package on host pisolo.

       dpkg-www 'dpkg*'
	      This would open a dpkg URL listing all packages matching dpkg*.

       dpkg-www /bin/bash
	      This would open a dpkg URL asking info on the package(s) owning the file /bin/bash .

       dpkg-www depends=svgalib
	      This would open a dpkg URL listing all packages depending on svgalib.

       dpkg-www --stdout depends=awk | grep ^ii
	      This would list on stdout all packages depending on awk and grep all lines of installed packages.

SEE ALSO

       dpkg(8), dpkg-www(8)

AUTHOR

       Massimo Dal Zotto <dz@debian.org>.
       Bugs should be reported via the normal Debian bug reporting system.

LICENCE

       dpkg-www is licensed under the GNU General Public License version 2.

								 September 1, 2004						       DPKG-WWW(1)
All times are GMT -4. The time now is 05:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy