With all the hubbub around China yet again, I would like to remind you of the utilities available at Hammer of God that allow one to completely block any or all traffic to or from China or any other country in the world via ISA/TMG.
As many of you know, I¡¯ve been totally blocking China for years, mostly because I¡¯m a Porcelain kind of guy. Oh, and the fact that the entire country¡¯s network is a festering cesspool of scum and villainy.
Here¡¯s an article I wrote about a 1.5 years ago on the subject if it has any relevance to you.
http://www.securityfocus.com/infocus/1900/1
¹¿Կ´µ½һµ㣬²»»ش - Ҳ»»µõ½¡£
>
> As many of you know, I¡¯ve been totally blocking China for years, mostly
> because I¡¯m a Porcelain kind of guy. Oh, and the fact that the entire
> country¡¯s network is a festering cesspool of scum and villainy.
>
> Here¡¯s an article I wrote about a 1.5 years ago on the subject if it
> has any relevance to you.
>
> http://www.securityfocus.com/infocus/1900/1
>
> ¹¿Կ´µ½һµ㣬²»»ش - Ҳ»»µõ½¡£
> 165.php.
>
Good paper; Since this is out there I figure I'll forward the much
shorter article I wrote that details an attack against the contact
gadget, which was patched last month.
https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-
patches-in-ms07-048
With all the hubbub around China yet again, I would like to remind you of the utilities available at Hammer of God that allow one to completely block any or all traffic to or from China or any other country in the world via ISA/TMG.
As many of you know, I’ve been totally blocking China for years, mostly because I’m a Porcelain kind of guy. Oh, and the fact that the entire country’s network is a festering cesspool of scum and villainy.
Here’s an article I wrote about a 1.5 years ago on the subject if it has any relevance to you.
http://www.securityfocus.com/infocus/1900/1
如果您可以看到这一点,不回答 - 我不会得到它。
Yesterday I wrote English version of my article The future of XSS attacks
(http://websecurity.com.ua/3878/), which you can read if you interested in
this topic.
In the article I talked about Cross-Site Scripting attacks where it’s not
possible to use any tags and angle brackets. I listed attack vectors which
can be used in this case (automated and non-automated). And wrote about
current situation with modern browsers: in 2008 in Firefox 3 possibility of
attack via -moz-binding was removed (partly) and in IE 8, which released at
beginning of 2009, support of expression() was removed.
> 165.php.
>
Good paper; Since this is out there I figure I'll forward the much
shorter article I wrote that details an attack against the contact
gadget, which was patched last month.
https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-
patches-in-ms07-048
With all the hubbub around China yet again, I would like to remind you of the utilities available at Hammer of God that allow one to completely block any or all traffic to or from China or any other country in the world via ISA/TMG.
As many of you know, I’ve been totally blocking China for years, mostly because I’m a Porcelain kind of guy. Oh, and the fact that the entire country’s network is a festering cesspool of scum and villainy.
Here’s an article I wrote about a 1.5 years ago on the subject if it has any relevance to you.
http://www.securityfocus.com/infocus/1900/1
如果您可以看到这一点,不回答 - 我不会得到它。
> My question is, if this attack works with disabling access to unsafe
> controls without "preceding comment", why use the preceding comment
> at all ?
I understand reasons of your question :-). It's because in this article I
didn't wrote in detail about Saved XSS hole in IE (I referred to original
post about it). When using this XSS, after saving page, IE put comment into
saved file (where XSS code is also put and here these hole appears). So with
this hole we always will have preceding comment. And with bug which
Microsoft made in IE :-) it'll be needed to use my patch for this bug
friend at the turn of the year. We've seen 3 PoC exploits so far, so I'm
sure the malware community will be taking note.
Todd wrote:
> Good paper; Since this is out there I figure I'll forward the much
> shorter article I wrote that details an attack against the contact
> gadget, which was patched last month.
Thanks, it's pretty interesting to see the various PoC coming out in almost in
synchronisation with the paper. I'm glad I'm not the only one concerned by
the functionality they provide.
