security - What damage can a website do? -

-

now , (accidentally) come across websites anti-virus warns me about. out of curiosity, kind of damage can website do?

i've been working in web development around 4 years , can't think of 'genuine' damage worth warning user about. maybe i'm missing obvious, surely browsers , basic security measures implemented main operating systems prevent particularly invasive going on?

i'm talking threats aside deceptive way (phishing etc.). taxing browser enough warrant anti-virus warning (i.e. overload page resource-draining javascript)? typically, cookies, caches , localstorage have limits - can't think of go on there.

i suspect may off-topic, it's less technically specific i'd ask. i'll happily delete if case.

the main risk encountering drive-by download.

a drive-by download isn't file download in usual sense, browser exploit allows executable code download , execute on system (known payload).

one example microsoft internet explorer colspan element processing arbitrary code execution vulnerability:

microsoft internet explorer contains vulnerability allow unauthenticated, remote attacker execute arbitrary code on targeted system.

the vulnerability due improper processing of elements in web pages. unauthenticated, remote attacker exploit vulnerability convincing user view malicious website. if successful, attacker exploit vulnerability execute arbitrary code on system privileges of user.

the vulnerability due improper handling of changed colspan in fixed table layout. if colspan increased after initialization, trigger heap-based buffer overflow.

however, more recent exploits exist such this 1 year (2015) in flash player:

adobe flash player before 13.0.0.269 , 14.x through 16.x before 16.0.0.305 on windows , os x , before 11.2.202.442 on linux allows attackers execute arbitrary code or cause denial of service (memory corruption) via unspecified vectors

another attack vector website exploitation of cross domain attack such cross site request forgery. such malicious site making background requests other sites you're logged into. example, might making ajax requests https://facebook.com/delete_account (made url path), , you're logged facebook browser pass cookies , action triggered. is, if facebook did not have csrf protection delete account function (i'm pretty sure though).

another example of cross domain attack site may trying exploit xss flaw on site use. redirect site , capture credentials log in, or more sneaky request site in background , grab session cookie. requires target site contain such xss flaw however.


Comments

Post a Comment

Popular posts from this blog

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null
Read more

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops',
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens
Read more