RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger
Okay, stupidly, I clicked on rent.com (? Used to avoid perpetuation) to see what Brian was talking about and now I see the reference to a .js file on one of the pages. I didn't just infect my pc with something, did I? I surely hope that we are not perpetuating some virus with these e-mails. Having your browser request a .js file, by itself, should not be sufficient to infect your machine with anything. However, that's largely up to you, when you configure your machine. First, ideally, you should not be logged into your machine as an administrator. This prevents the execution of any code that will change the operating system configuration (like viruses or malware in general). In addition, arbitrary executables should not be allowed to install something without requesting permission, so that even if you were logged in as an administrator, you would be prompted to allow or deny the installation of ActiveX controls or the like. Based on my examination of one of the .js files yesterday, I doubt there's any kind of harmful payload. It looks like the goal of the attack is click fraud - driving up traffic where none would otherwise exist. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309473 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger
I went to your site Coldfusionmuse ... Please send vulnerability discoveries to the appropriate individuals, not to mailing lists. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309474 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger
It's ok dave... I put myself out there after all -mark -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2008 2:09 PM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger I went to your site Coldfusionmuse ... Please send vulnerability discoveries to the appropriate individuals, not to mailing lists. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309476 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger
you are correct Dave.. Mark..I apologize for my post. I thought it was interesting following the links from the original thread to see a site with that exact attack. Brian I went to your site Coldfusionmuse ... Please send vulnerability discoveries to the appropriate individuals, not to mailing lists. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309483 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger
Brian, No worries. You just cost me an hour of my life approving changes to our portfolio section (ha). -mark -Original Message- From: Brian Yager [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2008 3:52 PM To: CF-Talk Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma rk Kruger you are correct Dave.. Mark..I apologize for my post. I thought it was interesting following the links from the original thread to see a site with that exact attack. Brian I went to your site Coldfusionmuse ... Please send vulnerability discoveries to the appropriate individuals, not to mailing lists. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309485 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
