- From: Rachna Dhamija <rachna.w3c@gmail.com>
- Date: Tue, 19 Jun 2007 15:21:18 -0700
- To: "Doyle, Bill" <wdoyle@mitre.org>
- Cc: public-wsc-wg@w3.org
Received on Wednesday, 20 June 2007 05:42:57 UTC
On 6/19/07, Doyle, Bill <wdoyle@mitre.org> wrote: > > This enterprising company seems to have improved productivity. > > New Web Exploit at 10,000 Machines and Growing, Security Company Warns > > Seems to be a user agent issue, is this in or out of scope? > If we unpack the attack, this question might be easier to answer: 1) Attacker compromises a web server using malware 2) User visits a legitimate, but compromised, website that includes malicious iframe 3) iframe causes browser to be redirected to a site with malicious javascript 4) malicious javascript detects the browser type and exploits browser vulnerabilities to download code, which then downloads other code (keyloggers, proxy, etc...) We have ruled 1 out of scope. How about the rest? I am hoping that we can use our list of attacks (i.e., the threat trees) to come to a better understanding on what is in and out of scope. Rachna
Received on Wednesday, 20 June 2007 05:42:57 UTC