RE: iframe tag attack from Doyle, Bill on 2007-06-24 (public-wsc-wg@w3.org from June 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Sun, 24 Jun 2007 08:16:40 -0400
To: "Rachna Dhamija" <rachna.w3c@gmail.com>
Cc: <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B5801815446@IMCSRV5.MITRE.ORG>

 
Item 3 seems to be a place where the WG has some agreement.
Redirection, user agent is taken to an untrusted and unintended site.
 
 

________________________________

	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Rachna Dhamija
	Sent: Tuesday, June 19, 2007 6:21 PM
	To: Doyle, Bill
	Cc: public-wsc-wg@w3.org
	Subject: Re: iframe tag attack
	
	
	On 6/19/07, Doyle, Bill <wdoyle@mitre.org> wrote: 
	

		This enterprising company seems to have improved
productivity.
		 
		New Web Exploit at 10,000 Machines and Growing,
Security Company Warns
		 
		Seems to be a user agent issue, is this in or out of
scope?


	If we unpack the attack, this question might be easier to
answer:
	1) Attacker compromises a web server using malware
	
	2) User visits a legitimate, but compromised, website that
includes malicious iframe 
	3) iframe causes browser to be redirected to a site with
malicious javascript
	4) malicious javascript detects the browser type and exploits
browser vulnerabilities to download code, which then downloads other
code (keyloggers, proxy, etc...) 
	
	We have ruled 1 out of scope.  How about the rest?  
	
	I am hoping that we can use our list of attacks (i.e., the
threat trees) to come to a better understanding on what is in and out
of scope.
	
	Rachna

Received on Sunday, 24 June 2007 12:16:50 UTC