- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 22 Jun 2007 21:36:39 +0200
- To: "Doyle, Bill" <wdoyle@mitre.org>
- Cc: Dan Schutzer <dan.schutzer@fstc.org>, Mike Beltzner <beltzner@mozilla.com>, Rachna Dhamija <rachna.w3c@gmail.com>, public-wsc-wg@w3.org
Redirecting to the list as well.  -request is for list administrivia.

--
Thomas Roessler, W3C  <tlr@w3.org>

On 2007-06-20 20:10:15 +0000, Doyle, Bill wrote:
> From: "Doyle, Bill" <wdoyle@mitre.org>
> To: Dan Schutzer <dan.schutzer@fstc.org>,
>     Mike Beltzner <beltzner@mozilla.com>,
>     Rachna Dhamija <rachna.w3c@gmail.com>
> Cc: public-wsc-wg-request@w3.org
> Date: Wed, 20 Jun 2007 20:10:15 +0000
> Subject: RE: iframe tag attack
> Old-Date: Wed, 20 Jun 2007 16:10:06 -0400
>
> More thoughts.
>
> "However if a user only downloaded from trusted sites when in safe mode
> (a big if, probably not realistic), then the scenario would be
> defeated"
>
> User goes out, compromises browser, goes into safe mode, thinks they
> are secure and gives up the farm.
>
> Looks like it gets back to the expectations that the user agent is
> functioning correctly and not compromised.
>
> Does "safe" mode also need a user agent provided by a trusted source
> that is restricted to only go to sites that are "trusted"
>
> Bill
>
> ________________________________
>
> From: Dan Schutzer [mailto:dan.schutzer@fstc.org]
> Sent: Wednesday, June 20, 2007 9:24 AM
> To: Doyle, Bill; 'Mike Beltzner'; 'Rachna Dhamija'
> Cc: public-wsc-wg@w3.org
> Subject: RE: iframe tag attack
>
> When in safe mode, this threat scenario should be defeated. The
> untrusted site would be rejected; the trusted site would be audited to
> ensure there is sufficient security built-in that their web site is
> unlikely to be compromised. However, when not in the safe mode a user
> would be vulnerable as they can access any site. However if a user only
> downloaded from trusted sites when in safe mode (a big if, probably not
> realistic), then the scenario would be defeated.
>
> Dan
>
> ________________________________
>
> From: public-wsc-wg-request@w3.org
> [mailto:public-wsc-wg-request@w3.org] On Behalf Of Doyle, Bill
> Sent: Wednesday, June 20, 2007 7:15 AM
> To: Mike Beltzner; Rachna Dhamija
> Cc: public-wsc-wg@w3.org
> Subject: RE: iframe tag attack
>
> Thanks -- I pulled out part of your text that I want to review
> against the "safe" browsing modes are being discussed
>
> iframe is doing things where a site which is trusted/identified
> in one way is loading content from a site that is not trusted
>
> Bill D.
>
> ________________________________
>
> From: Mike Beltzner [mailto:beltzner@mozilla.com]
> Sent: Wednesday, June 20, 2007 1:54 AM
> To: Rachna Dhamija
> Cc: public-wsc-wg@w3.org; Doyle, Bill
> Subject: Re: iframe tag attack
>
> Using Rachna's unpack (thanks for that!) the way I see it ...
>
> 1. is definitely out of scope.
>
> 2. is strange - the fact that the site is compromised makes me think
> this is out of scope, but must any identity mechanisms that we do
> accept as in scope protect users from these types of problems?
>
> 3. feels in scope to me, especially if the iframe is doing things
> where a site which is trusted/identified in one way is loading content
> from a site that is not trusted, and then presenting it as part of the
> trusted site. I understand that this is a common practice amongst
> websites, but we need some mechanisms for enabling it without enabling
> this type of compromise as a side effect, IMO. Also, we need a pony.
>
> 4. the browser exploits that result in downloaded and installed
> malware are in scope, but once infected, the effects of that malware
> are totally out of scope.
>
> imo, fwiw, etc.
>
> cheers,
> mike
>
> ----- Original Message -----
> From: "Rachna Dhamija" <rachna.w3c@gmail.com>
> To: "Bill Doyle" <wdoyle@mitre.org>
> Cc: public-wsc-wg@w3.org
> Sent: Tuesday, June 19, 2007 6:21:18 PM (GMT-0500) America/New_York
> Subject: Re: iframe tag attack
>
> On 6/19/07, Doyle, Bill <wdoyle@mitre.org> wrote:
> > This enterprising company seems to have improved productivity.
> >
> > New Web Exploit at 10,000 Machines and Growing, Security Company Warns
> >
> > Seems to be a user agent issue, is this in or out of scope?
>
> If we unpack the attack, this question might be easier to answer:
>
> 1) Attacker compromises a web server using malware
> 2) User visits a legitimate, but compromised, website that includes
>    malicious iframe
> 3) iframe causes browser to be redirected to a site with malicious
>    javascript
> 4) malicious javascript detects the browser type and exploits browser
>    vulnerabilities to download code, which then downloads other code
>    (keyloggers, proxy, etc...)
>
> We have ruled 1 out of scope. How about the rest?
>
> I am hoping that we can use our list of attacks (i.e., the threat
> trees) to come to a better understanding on what is in and out of
> scope.
>
> Rachna
Received on Friday, 22 June 2007 19:36:56 UTC
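
The situation the thread keeps returning to, a trusted site loading iframe content from a site that is not trusted, can be audited from the site owner's side. The following is an added example and not part of the original messages: it lists frames whose origin (scheme, host, port) is neither the page's own nor on an allowlist. The function names, sample HTML and hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def origin(url):
    """Return scheme://host[:port] for an http(s) URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    default = 443 if parts.scheme == "https" else 80
    port = parts.port or default
    suffix = "" if port == default else f":{port}"
    return f"{parts.scheme}://{parts.hostname}{suffix}"

class FrameCollector(HTMLParser):
    """Collect the src attribute of every <iframe> and <frame> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            self.sources.append((dict(attrs).get("src") or "").strip())

def untrusted_frames(page_url, html, trusted_origins):
    """Return (src, origin) for frames outside the page's own and trusted origins."""
    collector = FrameCollector()
    collector.feed(html)
    allowed = {origin(page_url)} | {origin(o) for o in trusted_origins}
    allowed.discard(None)
    findings = []
    for src in collector.sources:
        if not src or src.lower() == "about:blank":
            continue  # no external document is loaded
        frame_origin = origin(urljoin(page_url, src))
        if frame_origin not in allowed:
            findings.append((src, frame_origin or "opaque"))
    return findings

# Constructed sample page and hosts (not taken from the thread).
SAMPLE_PAGE = "https://news.example/index.html"
SAMPLE_HTML = """
<iframe src="/widgets/weather.html"></iframe>
<iframe src="https://video.partner.example/embed/1"></iframe>
<iframe src="//Stats.Unknown.example:443/c.html" width="0" height="0"></iframe>
<IFRAME SRC="http://news.example/legacy.html"></IFRAME>
"""

if __name__ == "__main__":
    for src, frame_origin in untrusted_frames(
            SAMPLE_PAGE, SAMPLE_HTML, ["https://video.partner.example"]):
        print(f"untrusted frame: {src} -> {frame_origin}")
```

The last sample frame is flagged even though the host matches the page, because the scheme differs and so the origin does.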