[WLUG] 'Forbidden' website
Willie Northway
willn at umich.edu
Sun Dec 3 20:07:21 EST 2017
Drew - what it's not executable code, but instead disreputable information?
Imagine a scenario where you want to do some online banking, you navigate
to mybank.com - however, I've intercepted your DNS request and have
directed you to my own malicious server which is posing as mybank.com,
however, my SSL cert is bad. You don't run any of the code that I served
up, but you provide your username and password and submit. I harvest these
and redirect you to the real mybank.com site and you just figure that
you've mistyped your password the first time.
What if I redirected you to a non SSL site which had drive-by malware on it?
I could also see a scenario where you visit your favorite news source, and
they're displaying alarmingly wrong information which causes you to alter
your behavior. Some examples could include things like Taco Town is giving
people diarrhea, a political candidate is involved in a scandal right
before an election, some company's stock is about to tank, or we're being
invaded by North Korea.
On Sun, Dec 3, 2017 at 7:24 PM, Drew <drew4096 at gmail.com> wrote:
> If I tell a browset to display a URL I want it to obey ME, period.
> It's okay to warn about certificates and such but damnit I want the
> data retrieved! As for security risks, just don't RUN any of it!
> Anything that can't simply be displayed should be stashed somewhere.
> ______________________________________________________
> washlug mailing list washlug web site
> washlug at washlug.org www.washlug.org
> http://linux.marcdatabase.com/mailman/listinfo/washlug
>
--
Willie Northway
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linux.marcdatabase.com/pipermail/washlug/attachments/20171203/741b8a8c/attachment.html>
More information about the washlug
mailing list