hac.’s Weblog

Just a place to share my life

A little observation in Safari

After I heard that Apple had already fixed the carpet bomb vulnerability in Safari 3.1.2, I tried to go back to using Safari on Mac OS. However, I discovered that the problem seems to remain, so I switched to Windows to see whether it had been fixed there only. That turned out to be the case: the carpet bomb is patched in Safari 3.1.2, but only in the Windows version, and I don't understand why Apple would fix the problem only partially. The issue may not be as serious on Mac as on Windows, but still, the problem exists!

While I was trying to verify whether this bug had been fixed, I discovered that the status bar is hidden by default in Safari. This is not a vulnerability in itself, but I think the status bar is sometimes a very useful tool for avoiding phishing, because when you move your cursor over a hyperlink, the status bar shows the destination of the link without you having to click it. Take the following as an example. More than a month ago, a piece of spam was circulating around the Internet. The content of the mail is captured below.

Everything looks good, but the Download link actually points to a trojan!

All the links and the content of the mail look fine, but the Download link points to a trojan! Here a careful user would use the status bar to examine the links before actually clicking on them. Sometimes you do this naturally without even noticing it.
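The status-bar check described above (compare where a link says it goes with where it actually goes) can be automated for an email body. The following is an added example, not code from the original post: it parses the HTML of a mail, collects every anchor, and flags those whose visible text looks like an address whose host differs from the host in the href. The sample message, the shop domain and the IP address in it are all constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname of a URL-looking string (scheme optional), lower-cased, or ''."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def looks_like_url(text):
    """True when anchor text is something a reader would take for an address."""
    return "://" in text or ("." in text and " " not in text)


def find_deceptive_links(html):
    """Return [(shown_text, real_href)] for anchors whose visible text names a
    different host than the one the link really goes to."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        if looks_like_url(text) and host_of(text) != host_of(href):
            flagged.append((text, href))
    return flagged


# Constructed sample mail body: the second link shows one address in its text
# but points somewhere else, which is exactly what the status bar would reveal.
SAMPLE_MAIL = """
<p>Your order is ready. Please download your invoice.</p>
<a href="http://www.example-shop.com/account">www.example-shop.com/account</a><br>
<a href="http://203.0.113.7/dl/setup.exe">http://www.example-shop.com/download</a><br>
<a href="http://www.example-shop.com/help">Help</a>
"""

if __name__ == "__main__":
    for shown, real in find_deceptive_links(SAMPLE_MAIL):
        print(f"link text says {shown!r} but goes to {real!r}")
```

Anchors whose text is a plain word ("Help", "Download") are deliberately not flagged: there is nothing for the text to contradict, which is why the spam above still needs a human (or the status bar) to look at the real destination.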

Since Google Chrome uses the same core as Safari, I checked whether Chrome has the same issue. The status bar in Google Chrome is basically "hidden", but it shows up whenever it is needed: Chrome displays the link destination when you move the cursor over it.

I am still looking forward to seeing Apple fix the carpet bomb in the Mac version of Safari. At the moment, there is no reason for me to use it.

Filed under: browser, spam

A small research on Exchange Server

I just got an email address from my manager. The email service is provided by Exchange Server, and I am now getting familiar with it. The part that interests me most is, of course, the anti-spam feature of the server (anti-virus and anti-malware are also interesting to me). The Exchange Server documentation states that the server uses many kinds of spam filter, and most of them are a kind of blacklisting mechanism.

I am now going to test how effective the email service is, so I will post my email address here to attract robots to harvest the address and send spam to it.

Kane@groje.com

More:
wiki – MS Exchange Server
MS Exchange Server 2007
Planning for Anti-Spam and Antivirus Features

OT:
I am looking for a virus database, because I would like to implement the most basic anti-virus method: pattern matching. Should you know of any useful virus database, please let me know.
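To show what the pattern-matching method amounts to, here is an added example (my code, not from the original post): a scanner that searches data for a small signature database and scans files chunk by chunk, carrying an overlap between chunks so that a pattern split across a chunk boundary is still found. The signature database is constructed for this example: the EICAR entry is the standard harmless anti-virus test string, and "Demo.Marker" is a made-up pattern.

```python
import hashlib
import os
import tempfile

# Constructed signature database (name -> byte pattern). The EICAR entry is the
# standard harmless anti-virus test string; "Demo.Marker" is made up here.
SIGNATURES = {
    "EICAR-Test-File": rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Demo.Marker": b"MZ\x90\x00DEMO-MARKER-PATTERN",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return [(name, offset)] for every occurrence of every pattern in data."""
    hits = []
    for name, pattern in signatures.items():
        start = 0
        while True:
            i = data.find(pattern, start)
            if i < 0:
                break
            hits.append((name, i))
            start = i + 1
    return sorted(hits, key=lambda h: h[1])


def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Scan a file chunk by chunk without loading it whole.

    The last (longest pattern - 1) bytes of each chunk are carried into the
    next one, so a pattern that straddles a chunk boundary is still found.
    Returns (sha256_hex, [(name, absolute_offset)])."""
    overlap = max(len(p) for p in signatures.values()) - 1
    digest = hashlib.sha256()
    hits, seen = [], set()
    tail, base = b"", 0          # base = absolute file offset of buf[0]
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            digest.update(chunk)
            buf = tail + chunk
            for name, off in scan_bytes(buf, signatures):
                key = (name, base + off)
                if key not in seen:      # the overlap can report a hit twice
                    seen.add(key)
                    hits.append(key)
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return digest.hexdigest(), sorted(hits, key=lambda h: h[1])


def write_and_scan(data, chunk_size=64 * 1024):
    """Write constructed bytes to a temporary file, scan it, and clean up."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return scan_file(path, chunk_size=chunk_size)
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Constructed input: the EICAR string starts at offset 80, so with a
    # 100-byte chunk size it crosses the first chunk boundary.
    sample = b"A" * 80 + SIGNATURES["EICAR-Test-File"] + b"B" * 50
    sha, found = write_and_scan(sample, chunk_size=100)
    print(sha, found)
```

The whole-file SHA-256 is returned alongside the pattern hits because a hash list is the other half of a basic signature database: exact matches on known files, with byte patterns catching variants the hash would miss.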

Filed under: news, spam

Virus-like MSN block checker

Yesterday, my sister played around with a block checker site, which checks which users in your MSN contact list have blocked you.

Once she typed in her user name and password, suddenly every user in her list received a meaningless message. What I mean is that the message was definitely not written by her. When I got it, my first thought was that she had a virus. After AVG anti-virus took a very, very, very ... long scan, it did not find any suspicious file. When I asked my sister what sites she had visited before getting this virus-like symptom, she showed me the website.

As you may know, there are many MSN block checkers on the Internet. Most of the block checker sites help you query whether the target user is online or not, i.e. if you cannot see him in your online list in MSN but he is shown as online on these checker websites, it means you have been blocked. Sounds not efficient enough, right? So the block checker site which my sister visited tries another approach. It asks for the email address and password the user uses to log in to MSN, and the program on its server contacts the MSN server and fetches the contact list, then sends a message to each user in the list and checks whether they can receive the message. This is my guess at how it works; I have not verified it yet.

However, before using these block checker applications, you need to consider whether they are secure and innocent enough. According to mess.be, although it may be old news, most of these websites collect email addresses for spam or even worse. Others, like the website my sister browsed, may collect passwords from the user even though they claim they don't. So, know the risk when you are going to use them.

How dangerous the world is!

Filed under: news, spam, virus

Spam hits highest rate in 15 months

This month, MessageLabs released a report about spam. It states that spam accounted for 76.8 percent of all email in May 2008. Spam increased by 3.3% since April, with 1 in 1.3 emails being spam. This is the first time I have read this kind of statistical analysis; I cannot imagine that there is so much spam flowing around the Internet!

Why is there such a big jump? According to the report, spammers are putting links to spam content in documents hosted on Google Docs and Microsoft's SkyDrive. The reason is that the domain names they previously bought were getting blacklisted quickly, whereas it is difficult to block Google and Microsoft applications because they are widely used by normal users. On top of that, "the spammers are also taking advantage of Google Analytics to gauge their success with each spam run," according to the report.

Here is a simple example:

Click the following link and win the big money!!
http://docs.google.com/View?docid=dgmszc7x_312xstksmgn

After constructing the above example, I discovered that Google Docs has a "Report spam" link on the page above; I think that should give a quick response to this new type of spam. I will give SkyDrive a try later.

Spammers are always looking for ways to bypass spam filters, and for most spam filters it is not reasonable to block links to Google Docs or Microsoft's SkyDrive, according to the report. The report also mentions that spammers insert a URL in an email that leads the victim to a Google Docs-hosted page. The spam itself contains only the link to the free hosting service, but that page leads you to wherever the spammer wants you to visit.
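The blacklisting mechanism mentioned in the Exchange Server post above and the report's point that links to Google Docs cannot reasonably be blocked wholesale come together in the following added example (my code, not from the original post, from Exchange Server or from MessageLabs). It classifies a mail against three lists: blocked sender domains, blocked link domains, and blocked exact URLs. A domain list cannot sensibly contain docs.google.com, but an exact-URL list can carry one reported document address, which is the difference the sample messages show. The blocked domains, the document ids and the messages are all constructed; the ids are placeholders, not real document addresses.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed blocklists for this example; a real filter would feed them from
# DNS blocklist / URI blocklist sources.
BLOCKED_SENDER_DOMAINS = {"cheap-meds.example", "win-big.example"}
BLOCKED_LINK_DOMAINS = {"cheap-meds.example", "win-big.example"}
# An exact-URL entry: one reported document, not the whole hosting domain.
BLOCKED_URLS = {"http://docs.google.com/View?docid=CONSTRUCTED-reported-id"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def parent_domains(host):
    """Yield host and each parent domain: a.b.example -> a.b.example, b.example, example."""
    parts = host.lower().split(".")
    for i in range(len(parts)):
        yield ".".join(parts[i:])


def is_listed(host, blocklist):
    """True if the host or any parent domain of it is on the blocklist."""
    return any(d in blocklist for d in parent_domains(host))


def classify(raw_message):
    """Return ("spam", reasons) if any blocklist matches, else ("ham", [])."""
    msg = message_from_string(raw_message)
    reasons = []
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    if m and is_listed(m.group(1), BLOCKED_SENDER_DOMAINS):
        reasons.append(f"sender domain {m.group(1)} is blocklisted")
    body = msg.get_payload()          # plain-text, single-part mail assumed
    for url in URL_RE.findall(body):
        if url in BLOCKED_URLS:
            reasons.append(f"url {url} is blocklisted")
            continue
        host = urlparse(url).hostname or ""
        if is_listed(host, BLOCKED_LINK_DOMAINS):
            reasons.append(f"link host {host} is blocklisted")
    return ("spam" if reasons else "ham"), reasons


# Constructed messages.
SPAM_FROM_BLOCKED_DOMAIN = """From: Deals <offers@cheap-meds.example>
To: kane@example.invalid
Subject: cheap pills

Order now at http://www.cheap-meds.example/buy
"""

SPAM_VIA_DOCS_LINK = """From: Friend <someone@mail.example>
To: kane@example.invalid
Subject: big money

Click the following link and win the big money
http://docs.google.com/View?docid=CONSTRUCTED-reported-id
"""

HAM_WITH_DOCS_LINK = """From: Colleague <colleague@mail.example>
To: kane@example.invalid
Subject: meeting notes

Notes are here: http://docs.google.com/View?docid=CONSTRUCTED-other-id
"""

if __name__ == "__main__":
    for name, raw in [("blocked domain", SPAM_FROM_BLOCKED_DOMAIN),
                      ("docs link", SPAM_VIA_DOCS_LINK),
                      ("ham", HAM_WITH_DOCS_LINK)]:
        print(name, classify(raw))
```

The second sample is caught only because its exact document URL was reported and listed; the third, which links to a different document on the same host, passes. That is the gap the report describes: a pure blacklisting filter cannot do better against free-hosting links than list them one by one as they are reported.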

Another thing that shocked me in the report is that the most spammed country is Hong Kong, with levels reaching 85.9% of all email. How much spam do you receive every day?

I am wondering whether this technique (e.g. Google Docs) could be used to perform CSRF or XSS by sending an email to a Gmail user saying that I have shared a document with them, where the document is actually going to steal sensitive information from them. The key question is whether Google Docs lets you write client-side script in a document, or at least makes client-side script executable in it. Here is a quick demo in SkyDrive.

This link will execute a JavaScript alert function.
XSS demo in SkyDrive

Should you have any idea or comment about this stuff, please feel free to leave a comment.

Filed under: news, spam