http://www.idyll.org/~t/www-tools/twill.html
Un linguaggio di scripting per testare le vostre applicazioni web. Utilissimo, in certi casi. Interessante il fatto che sia estensibile, basta scrivere un moduletto in python e "linkarlo". (si, questo significa che si ci potrebbe fare qualcosa di evil ... :) )
Hacked, nuovamente. Questa volta tramite un bug di Twiki.
http://www.net-security.org/article.php?id=836
"The Spread Firefox Team became aware this week that the server hosting Spread Firefox, our community marketing site, has been accessed by unknown remote attackers who attempted to exploit a security vulnerability in TWiki software installed on the server. The TWiki software was disabled as soon as we were aware of the attempts to access SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and did not affect mozilla.org web sites or Mozilla software."
Internet attacks that use Web servers to exploit browser vulnerabilities to install malware programs are on the rise [D04,R04,B04,S05]. Several recent reports suggested that some companies may actually be building a business model around such attacks [IF05,R05]. Expensive, manual analyse for individually discovered malicious Web sites have recently emerged [F04,G05]. In this paper, we introduce the concept of Automated Web Patrol, which aims at significantly reducing the cost for monitoring malicious Web sites to protect Internet users. We describe the design and implementation of the Strider HoneyMonkey Exploit Detection System [L05,N05], which consists of a network of monkey programs running on virtual machines with different patch levels and constantly patrolling the Web to hunt for Web sites that exploit browser vulnerabilities.
Within the first month of utilizing this new system, we identified 752 unique URLs that are operated by 287 Web sites and that can successfully exploit unpatched WinXP machines. The system automatically constructs topology graphs that capture the connections between the exploit sites based on traffic redirection, which leads to the identification of several major players who are responsible for a large number of exploit pages.
www.flickr.com
|
