Firewall penetration using javascript
Using javascript on a Web site, you can make someone's router port-forward any port back to them. This software forces any port that might normally be restricted to become open to attack, and leaves the door open for hackers. Worse yet, users might not even know it's happening.
Browser protocol confusion
Hackers can fool a browser into thinking it is using HTTP protocol (normally uses for Web browsing) when in fact it's using a different protocol such as FTP or IRC. This in turn confuses the router on a network and forces it to open ports that might normally be restricted.
Businesses should run strict firewalls to prevent this type of attack, with limited outbound connections. Running an end-point based firewall could also prevent this attack.
Browser-based geo-location harvesting
A malicious Web site can use a browser to learn some information about a user's network with no authentication required. The browser then sends information to an attacker, who asks Google where the original user lives. Google has this data because they correlate network locations with GPS coordinates, collected during their Street View mapping.
http://www.itbusiness.ca/it/client/en/home/News.asp?id=59914&PageMem=2
No comments:
Post a Comment