'Hacking'에 해당되는 글 266건

  1. 2009.03.26 six questions on copyright for jonathan zittrain by CEOinIRVINE
  2. 2009.03.26 Copyright as Politics and Business by CEOinIRVINE
  3. 2009.03.26 DMCA Digital Millennium Copyright Act (DMCA) by CEOinIRVINE
  4. 2009.03.14 Hacking Quiz (too easy.. for beginners) by CEOinIRVINE
  5. 2009.03.12 Positioning IDS Snort Sensor by CEOinIRVINE
  6. 2009.03.12 Snort: Monitoring Multiple Network Interfaces by CEOinIRVINE
  7. 2009.03.11 HTTP HyperText Transfer Protocol (HTTP) by CEOinIRVINE
  8. 2009.03.11 TCP Analysis - Section 4: TCP Flag Options by CEOinIRVINE
  9. 2009.03.11 Intel CPU Architecture by CEOinIRVINE
  10. 2009.03.10 Socket Capable Browser Plugins Result In Transparent Proxy Abuse by CEOinIRVINE

six questions on copyright for jonathan zittrain

Hacking 2009. 3. 26. 06:41

SIX QUESTIONS ON COPYRIGHT FOR JONATHAN ZITTRAIN

We spoke with Jonathan Zittrain, assistant professor for Entrepreneurial Legal Studies at Harvard University and faculty co-director of the Berkman Center for Internet and Society.[26]

Q1: Is downloading copyright infringement and stealing, or is it fair use? Can you legally download a digital version of a song you bought on a record?
A1: Fair use is much more narrow than most people think. Fair use is a standard, not a rule, and it often requires a lawsuit to decide it. Many people honestly don't see downloading as stealing, since it doesn't deprive anyone else of the song itself—only a chance to profit from its sale. They might say, "it's not a pie, it's just sniffing the aroma." Still, I think it is generally an infringement to download large amounts of copyrighted material without permission. Even if you already own the corresponding CD, the case could be made that a network-derived copy is infringing.
Q2: How come it was okay to swap music on tape but now, as music industry executives state, since it's digital and perfect, it isn't? Further, they say it was okay when only a few did it, but now that we have millions to share with it's not okay.
A2: Copyright law has always been complicated, and now that it routinely impinges on individual behavior, it's all the more a big mess. Conscience and convenience have governed individual behavior in the past; for example, many people feel socially awkward ordering up, say, a descrambler to steal cable TV service. Now copying has become quite convenient. The real objection the music industry has to services like KaZaA and Grokster is that they are thought to seriously dampen profits. So long as the industry frames its pricing around the scarcity of its product, there probably indeed is such an impact.
Q3: Why do you think so many young (and older) people feel it's OK to download?
A3: First, because the "stealing," if such it is, is indirect: it's taking money out of the pocket of someone who might otherwise be able to charge for the music. That's a harm, but a distinct one from the harm of, say, having one's car stolen. Second, there is a lasting impression of the American music industry as often being at odds with the creative artists it enlists. People may feel it's OK to copy music if it's "merely" hurting a company that in turn was giving a bad deal to an artist anyway. Finally, consumers want convenience, and the industry has been slow to offer equally convenient legal alternatives.
Q4: You say copyright law is a big mess. What is your legal opinion of the Digital Millennium Copyright Act?
A4: The DMCA is a big mess, too. It has reinforced the mercenary instincts of the copyright holders, who now want to see every possible profit from a work go to them and who think that the way to reconcile old business models with new technologies is to alter the technology to suit the business model—which then cuts off a range of other innovation wholly unrelated to intellectual property.
Q5: You've called the Internet "an instrument of anarchy." Is there any way to plug up the increasingly free flow of information, as the RIAA has attempted to do?
A5: The record companies are acting like pit bulls. There's a "take no prisoners" attitude on both sides of the issue. It may take the form of a new Internet which uses its own technologies to control copyrighted media.
Q6: What are the most appropriate solutions to digital piracy, ones that will make all parties satisfied?
A6: I credit that if copyrights were to be rendered inconsequential by technology, then creators will create less—and many will cease to create at all. There are a number of good alternatives; for example, the iTunes model or Harvard Law professor Terry Fisher's proposal for an alternative compensation system based on compulsory licensing. We need to focus our thinking away from income structures that ossified in the early 20th century and toward a combination of technological advances and rewards for innovation that will enhance rather than stanch the flow of ideas, which is fundamental to a free society.

'Hacking' 카테고리의 다른 글

Visa, MasterCard In Security Hot Seat  (0) 2009.04.01
Incident Reponse  (1) 2009.03.30
Copyright as Politics and Business  (0) 2009.03.26
DMCA Digital Millennium Copyright Act (DMCA)  (0) 2009.03.26
Hacking Quiz (too easy.. for beginners)  (0) 2009.03.14
Posted by CEOinIRVINE
l

Copyright as Politics and Business

Hacking 2009. 3. 26. 06:14

Copyright as Politics and Business

Are you picking up on a theme here? From the first copyright act of 1476 to the ruling in Donaldson v. Beckett three centuries later, copyright was primarily about business, ownership of intellectual content, and political maneuvering. It never really concerned itself much with authors' rights to control the dissemination of their intellectual property or to benefit financially from their published work. Furthermore, since the passage of the Statute of Anne over two centuries ago, it's been more and more of the same.

You don't need to know all the gruesome details of the history of copyright in the Western World. But if you're going to make sense of today's controversies, it helps to see the progression and understand the distinction between copyright and the right to copy.

Is the Recording Industry Association of America (RIAA) that much different from yesteryear's Royal Stationers Company? Are the software counterfeiters of China much different from the Scottish book bootleggers of 1700? Are authors who received a flat fee from their printers in Shakespeare's time much different from today's musicians who get royalties on their music only after promotion costs, marketing costs, printing costs, and innumerable administrative fees are deducted from revenues? Table 2-1, at the end of the chapter, offers up a smorgasbord of political shenanigans behind the history of copyright law.

Table 2-1. The Political History of Copyright
Date Event Outcome Political or Business Motivation
557 Columba copies Finnian's Psalter to use in his own monastery. King Diarmait orders him to return the copy to Finnian. There was previous bad blood between Columba and Diarmait; after the ruling, Columba supports an uprising in which Diarmait is killed.
1456 Gutenberg invents the printing press. Control of content moves from religious houses and individual authors or their patrons to owners of printing presses (which were scarce and expensive). The printing press creates a radical change in the price of making copies and in their quality, and shifts financial rewards from publishing to printers from authors (such as there were).
1476 First English copyright law Printers have to register what books or pamphlets they produce. The Crown wants to prevent the distribution of information unfavorable to the government and to obtain revenues from selling licenses.
1557 Company of Stationers of London incorporated under Queen Mary A long-time printer's guild gets royal sanction for an official monopoly on printing and begins controlling prices and distribution via a system of Stationers' Copyrights that could be bought, sold, or traded. Copyrights were perpetual (lasting for eternity). A Catholic monarchy gains additional control of content through prior censorship (the register) from a guild/company headed by a Roman Catholic.
1624 Statute of Monopolies Parliament abolishes guilds and assumes the responsibility of regulation in their market areas—the Stationers Company excepted. The Statute helps erode the power of the Crown (and increases that of Parliament) as the Crown makes money selling monopoly rights; now Parliament assumes the mantle of censor.
1695 Lapse of the licensing acts Parliament lets the last of the licensing acts which governed the rights of publication lapse, essentially abolishing prepublication censorship. However, under no copyright constraint, booksellers and printers in Scotland retypeset popular books from England and resell them at a lower price. Under pressure from vocal intellectuals such as John Milton and John Locke, Parliament lets the licensing acts lapse, but in practice nothing changes. The Stationers Company becomes a cartel, copyrights remain with publishers, and authors sell their material to the Stationers Company members for a flat fee. The increasing piracy from Scotland seems to be an unintended consequence.
1710 Statute of Queen Anne A new copyright law is created to prevent future bookseller monopolies, granting some rights to authors, and encouraging production of more work. The Queen brokers the treaty with Scotland, giving them some of the book trade in return for coming under the copyright law, and to ensure support against potential invasions from France or an uprising of Jacobites; the Stationers Company trades some market control for the ability to continue as a monopoly.
1769 Millar v. Taylor In a challenge to the Statute of Queen Anne, Taylor reprints a book published by Millar after the copyright runs out. Millar sues, claiming a perpetual copyright under common law. The court finds for Millar and for the first time asserts copyright under common law, clearly a promonopoly, probusiness, pro-Stationers' Company ruling.
1774 Donaldson v. Beckett A Scottish printer republishes the same book involved in Millar v. Taylor, challenging the ruling of Millar v. Taylor. This case goes to the full House of Lords, which is less inclined to support the Stationers Company monopoly and more inclined to assert the power of government. Donaldson wins, and copyright is determined to be a state-granted right or license, not a right given to authors by God.
1787 U.S. Constitution Article 1, Section 8 gives Congress the power to promote "science and the useful arts" through laws protecting intellectual property, but for limited time only. This is a compromise between promoting business (the exclusive rights), a position favored by James Madison, and guarding against the power of monopolies, a position favored by Thomas Jefferson.
1790 U.S. Copyright Act Act puts into law the intent of the Constitution and extends copyright to maps and charts. The term length is 14 years, renewable for another 14, for a total of 28. As a descendent of the Statute of Anne, U.S. copyright still favors publishers over authors.
1802 Extension to the Copyright Act Adds designs, engravings, etchings, and prints to copyright protection. Allows U.S. artists and engravers to make prints of classic works of art and resell them in the U.S. under copyright protection; encourages the distribution of cheaper European art in the States.
1804 Napoleonic Code Codifies post-French Revolution rule for business, including copyright. Introduces the concept of "moral rights" for authors. Splits author's rights into (1) economic rights and (2) moral rights. The former could be sold, licensed, etc. while the latter gives the author rights beyond the sale of economic rights in how the work can be displayed, edited, resold, etc.
1831 Extension to the Copyright Act Coverage for sheet music is added and the copyright period extended another 14 years (total of 42). Longer period of copyright favors owners (mostly publishers).
1834 Wheaton v. Peters Peters wants to publish a condensed version of his predecessor's reports, recordings, and notes of court proceedings, Wheaton sues. The court finds for Peters because Wheaton hadn't filed the right paperwork. In this decision the court establishes that the U.S. recognizes no "common law" rights for authors and that copyright is a monopoly granted by the state.
1841 Folsom v. Marsh Marsh republishes as excerpts 350 pages of a collection of George Washington's letters first published by Folsom; the courts find for Folsom. Establishes that there is a right to "fair use" of another's work—but that taking 350 pages verbatim is not fair use.
1853 Stowe v. Thomas A German publisher translates Harriet Beecher Stowe's Uncle Tom's Cabin into German and sells it in the U.S.; Stowe sues, but the courts find for Thomas. Although this keeps intact the idea that you can copyright expressions of ideas, but not the ideas themselves, it galvanizes American authors into pressuring Congress to add foreign translation to the copyright laws in 1870.
1856 Extension to the Copyright Act Right of performance of dramatic works.  
1865 Extension to the Copyright Act Photographs.  
1870 Copyright Act of 1870 Paintings, statues, fine arts, and translations are included. Codifies that U.S. copyright is a right granted by the state, not a right by natural law. Puts into law the concept established in Wheaton that no common law right to copyright exists.
1886 Berne Convention Extends copyright to authors outside the country of origin. Eventually offers protection of life plus 75 years, but also promotes concept of author's "moral rights." U.S. doesn't sign, preferring the shorter copyright span of the Copyright Act because of the freedom from author control of derivative or follow-on works.
1891 International Copyright Act (Chace Act) Copyright granted to non-U.S. citizens if reciprocated. Eastern publishers and printers finally support authors with Congress to protect business from lower-price Midwestern publishers.
1909 Copyright Act of 1909 First time all copyright laws are put into one bill. First sale doctrine codified. Also allows corporate copyright and work for hire. Extends copyright to 28 years, renewable for another 28, for a total of 56. Helps newspapers and later motion picture companies to get copyright protection, giving them the rights of persons. Also establishes rules for when authors are "work for hire" employees. This is the first time companies get the same rights as people.
1912 Extension of Copyright Act Gives copyright coverage to motion pictures after years of lawsuits under the 1870 Act. Blurs the separation of copyright protection for "expression" not "ideas." Even a "treatment" could be copyrighted. Screenwriters become employees and contract workers.
1955 Universal Copyright Convention Substitutes for signing the Berne Convention and covers only 28 years of protection (for foreign authors selling books in the U.S.). Enables the U.S. to offer minimal protection of foreign works without signing onto all the conditions of the Berne Convention.
1976 Copyright Act of 1976 Extends copyright to life of author plus 50 years; for anonymous works for hire, 75 years from publication, 100 years from year of creation. Sets the stage for signing the Berne Convention later and makes it easier for the U.S. to have reciprocal copyright agreements—important since the U.S. is not a net exporter of content.
1984 Betamax case Universal Studios and Disney sue Sony, maker of the Betamax video tape recorder. The case begins in 1979 with a ruling that home taping was "fair use," then is reversed on appeal in 1981 and reversed again in 1984 by a 5–4 majority of the Supreme Court. Public opinion was largely against the concept (jokes about "video police"), and experts thought enforcement would be difficult. Many countries, however, impose a tax on VCRs and blank tapes and pay the proceeds to the movie industry.
1988 U.S. signs Berne Convention. Extends U.S. copyright to life plus 50 years. U.S. signs in order to extend international copyright to life plus 70 years without major debate. Mickey Mouse is 60 years old at the time.
1998 Sonny Bono Copyright Term Extension Act Extends the copyright coverage to life plus 70 years, mirroring many countries that are signatories to the Berne Convention. Gives U.S. publishers and authors reciprocal rights for those countries that also have 70-year copyrights; the Disney Corporation, whose copyright on Mickey Mouse in the cartoon Steamboat Willy is set to expire in 2003, spearheads lobbying Congress.
1998 Digital Millennium Copyright Act The DMCA amends the Copyright Act by outlawing the use of techniques to prevent unauthorized copying and penalties for circumventing those techniques. The law mandates that hardware manufacturers build machines capable of recognizing copyright protection systems and sets the content industry against the MP3, VCR, CDR, and DVR industries.


The progression is not pretty, nor is it pure. But it is a progression. After a millennium and a half, it is a little easier for those who create intellectual work to reap some financial rewards from that work. A little.


'Hacking' 카테고리의 다른 글

Incident Reponse  (1) 2009.03.30
six questions on copyright for jonathan zittrain  (0) 2009.03.26
DMCA Digital Millennium Copyright Act (DMCA)  (0) 2009.03.26
Hacking Quiz (too easy.. for beginners)  (0) 2009.03.14
Positioning IDS Snort Sensor  (0) 2009.03.12
Posted by CEOinIRVINE
l

DMCA Digital Millennium Copyright Act (DMCA)

Hacking 2009. 3. 26. 03:46

EFF Sues Michael Crook for Bogus DMCA Claims

Be very careful when you make threats against ISPs under the Digital Millennium Copyright Act (DMCA).  The Electronic Frontier Foundation is taking the issues seriously and are pushing for a preliminary injunction to stop the potential harassment and abuse. 

As a primer: under the DMCA, a copyright holder can request that an ISP remove offending material from the web.

With respect to the EFF action (at Laughing Squid):

“The EFF has just filed suit against Craigslist copycat scammer Michael Crook for filing bogus DMCA claims. In September, a blog post about Michael Crook on 10 Zen Monkeys (which is run by Jeff Diehl) used a screen shot from Fox News of Michael Crook. Michael then send a DMCA (Digital Millennium Copyright Act) takedown notice to Jeff’s web host, claiming that he had a copyright on the image. Jeff’s web host then forced him to remove the image or his account would be suspended. Jeff then moved 10zenmonkeys.com to Laughing Squid Web Hosting (the web hosting company that we run). Within 24 hours, our data center was sent a DMCA claim from Michael Crook, requesting that the image be removed. I immediately contacted Jeff to discuss the situation, as well as Jason Schultz, an attorney at The Electronic Frontier Foundation. A few weeks later, EFF filed the complaint.”

'Hacking' 카테고리의 다른 글

six questions on copyright for jonathan zittrain  (0) 2009.03.26
Copyright as Politics and Business  (0) 2009.03.26
Hacking Quiz (too easy.. for beginners)  (0) 2009.03.14
Positioning IDS Snort Sensor  (0) 2009.03.12
Snort: Monitoring Multiple Network Interfaces  (0) 2009.03.12
Posted by CEOinIRVINE
l

Hacking Quiz (too easy.. for beginners)

Hacking 2009. 3. 14. 04:35
http://yangws13.myfeelclub.com/webhacking_game/quest3/index.htm


답:?

 <script language="VBscript">
 dim agesub button_onclick
 if form1.id.value = "Yangws13" then   
 if form1.pw.value = "MyNameisY.w.sImHacker" then      
 msgbox "%uAD00%uB9AC%uC790%uB2D8 %uD658%uC601%uD569%uB2C8%uB2E4.",
 vbinformation, "%uC131%uACF5"        
 age=form1.birth.value 
 if age=<80000 then  
 msgbox "%uD3EC%uD2B8(Port) %uAC00 %uC77C%uCE58%uD558%uC9C0%uC54A%uC2B5%uB2C8%uB2E4.",
 vbinformation, "%uC811%uC18D%uCC28%uB2E8"   
 location.href="from_no.htm"  
 exit sub 
 else  
 location.href="from_ok_areyou_wins.html" 
end if   
else     
 msgbox "%uB85C%uADF8%uC778%uC744 %uC2E4%uD328 %uD558%uC600%uC2B5%uB2C8%uB2E4.", vbcritical, "%uC2E4%uD328"   
end if  
else   
 msgbox "%uB85C%uADF8%uC778%uC744 %uC2E4%uD328 %uD558%uC600%uC2B5%uB2C8%uB2E4.", vbcritical, "%uC2E4%uD328"
end if
end sub
</script>

'Hacking' 카테고리의 다른 글

Copyright as Politics and Business  (0) 2009.03.26
DMCA Digital Millennium Copyright Act (DMCA)  (0) 2009.03.26
Positioning IDS Snort Sensor  (0) 2009.03.12
Snort: Monitoring Multiple Network Interfaces  (0) 2009.03.12
HTTP HyperText Transfer Protocol (HTTP)  (0) 2009.03.11
Posted by CEOinIRVINE
l

Positioning IDS Snort Sensor

Hacking 2009. 3. 12. 04:58

Ideally you would position a number of IDS sensors in different locations, each of which covers a particular area of threat within your organization.

Some locations you should consider:

  • Monitor any points of external access to the network (Internet, wireless, and VPN, for example).

  • Ideally, you want to monitor both sides of any filtering tool.

  • Monitor any DMZ area.

  • Ideally, you want to monitor both sides if any machines are multihomed.

  • Monitor any critical and/or vulnerable services (e.g., mail-, web-, and database- related services).

  • Monitor any internal network connections between subnets.

  • Monitor the internal network in general for internal problems.

Discussion

The following sections provide some case studies for you to consider.

Small business (or geek at home)

The scenario shown in Figure 1-12 has one point of entry. It doesn't contain many computers, and there are not a lot of complicated services running. The most traffic comes from file transfers, web access, and email. There is little to no risk of employee-related attack. The sensible way to monitor this network is to place the IDS to monitor inside the firewall at the point of access to the network. This will crop up potential issues that have passed through the firewall.

Figure 1-12. A home network


Medium-sized business

In a medium-sized network, there are several more places that are worth monitoring (see Figure 1-13). There should still be an IDS on the inner side of your firewall. In addition, you should monitor the demilitarized zone (DMZ) off your firewall. This area is the most at risk, as it is the most exposed. Often (and unadvisedly) machines in the DMZ have interfaces to the internal network. Any breach of these machines effectively circumvents any protection to the internal network provided by the firewall. This is where the external functions of the network usually lay, such as mail, the Web, FTP, and other servers that need to be accessible to the world at large. Within the network, as the size of the organization grows, it becomes prudent to monitor for inappropriate activity from within. Monitoring the use of key services, such as databases, and checking for abuse, will not only prevent an internal problem, but also back up the effectiveness of the IDS inside the firewall.

Figure 1-13. A medium-sized network


Larger organizations

As the size of the organization grows, so do the number of ways into and out of the network (see Figure 1-14). Large networks may have more servers running on the DMZ, multiple Internet connections for redundancy, wireless access points, and remote users with VPNs—all adding up to a huge amount of traffic and potential problems. IDS should be strategically placed so you can monitor as many of these systems as possible, if not all of them. You should place the IDS snesors on significant points in the network such as servers, mainframes, and routers. All in all, if breaking something would result in a problem for your business, you should be looking at it.

Figure 1-14. Large network


You may consider all this to be quite extreme, but it isn't quite as bad as it seems. If you consider any medium to large organization, a significant number of the resources listed previously are in the same room. Linux-compatible gigabit Ethernet cards are available with up to six ports. Coupled with machines that have space for three or four PCI cards, you could have as many as 24 Ethernet ports (plus expansion modules can convert one PCI slot to 13 using an external enclosure). Using a single machine running multiple instances of Snort, you could do all of this easily

'Hacking' 카테고리의 다른 글

DMCA Digital Millennium Copyright Act (DMCA)  (0) 2009.03.26
Hacking Quiz (too easy.. for beginners)  (0) 2009.03.14
Snort: Monitoring Multiple Network Interfaces  (0) 2009.03.12
HTTP HyperText Transfer Protocol (HTTP)  (0) 2009.03.11
TCP Analysis - Section 4: TCP Flag Options  (0) 2009.03.11
Posted by CEOinIRVINE
l

Snort: Monitoring Multiple Network Interfaces

Hacking 2009. 3. 12. 04:55

Monitoring Multiple Network Interfaces

Problem

You want to monitor more than one network interface.

Solution

Use more than one instance of Snort, each monitoring a separate interface.

Combine your NICs into a single "bridged" unit.

Discussion

It is perfectly possible to run more than one instance of Snort. Using this method, you just assign a separate Snort process to watch each interface that you are interested in, each with its own configuration file.

The bridging option was primarily developed as a method to allow a Linux machine to act as a bridge between networks. It allows two network cards to be aggregated into a single entity. Before progressing down this route, consider reading the documentation available on the Sourceforge home page for the project, available here: http://bridge.sourceforge.net.

Assuming that bridging is built into your kernel, this is how you would go about implementing it. First, clear the IP addresses on the interfaces you are trying to bridge (you can use more than two):

[root@frodo root]# ifconfig eth0 0.0.0.0 
[root@frodo root]# ifconfig eth1 0.0.0.0

Use the bridging commands to create a bridge container:

[root@frodo root]# brctl addbr snort_bridge

Add the interfaces to the container:

[root@frodo root]# brctl addif snort_bridge eth0 
[root@frodo root]# brctl addif snort_bridge eth1

Then bring the bridge online:

[root@frodo root]# ifconfig snort_bridge up

To make use of the bridge, include it as the interface argument to Snort:

[root@frodo root]# snort -v -i snort_bridge
Running in packet dump mode
Log directory = /var/log/snort
Initializing Network Interface snort_bridge

The options that you use really depend on the reasons for needing more than one port. If you are listening to more than one range of IP addresses, it makes sense to run an instance per IP range. However, if you are tapping a full duplex link or a link that is faster than the network cards (gigabit tapping with 100 MB cards, for example), using bridged networking is a better option.

 

'Hacking' 카테고리의 다른 글

Hacking Quiz (too easy.. for beginners)  (0) 2009.03.14
Positioning IDS Snort Sensor  (0) 2009.03.12
HTTP HyperText Transfer Protocol (HTTP)  (0) 2009.03.11
TCP Analysis - Section 4: TCP Flag Options  (0) 2009.03.11
Intel CPU Architecture  (0) 2009.03.11
Posted by CEOinIRVINE
l

HTTP HyperText Transfer Protocol (HTTP)

Hacking 2009. 3. 11. 09:48

Understanding Application Layer Protocols

In this chapter, we'll move further up the OSI Seven Layer Model and take an in-depth look at the workings of some of the Application layer protocols that are most commonly used in content switching. These include TCP-based services such as HTTP, UDP services like DNS, and applications that use a combination of TCP and UDP, such as the Real Time Streaming Protocol (RTSP). Finally, we'll look at how these types of applications can be secured using Secure Sockets Layer (SSL).

HyperText Transfer Protocol (HTTP)

The HyperText Transfer Protocol, or HTTP, must be the most widely used Application layer protocol in the world today. It forms the basis of what most people understand the Internet to be—the World Wide Web. Its purpose is to provide a lightweight protocol for the retrieval of HyperText Markup Language (HTML) and other documents from Web sites throughout the Internet. Each time you open a Web browser to surf the Internet, you are using HTTP over TCP/IP.

HTTP was first ratified in the early 1990s and has been through three main iterations:

  • HTTP/0.9: A simplistic first implementation of the protocol that only supported the option to get a Web page.

  • HTTP/1.0: Ratified by the IETF as RFC 1945 in 1996. This version added many supplemental data fields, known as headers to the specification. This allowed for other information passing between the client and server, alongside the request and consequent page.

  • HTTP/1.1: Defined in RFC 2068 by the IETF, version 1.1 implemented a number of improvements over and above the 1.0 specification. One of the main improvements of 1.1 over 1.0 was the implementation of techniques such as persistent TCP connections, pipelining, and cache control to improve performance within HTTP-based applications.

Most browsers these days offer support for both 1.0 and 1.1 implementations, with new browsers using 1.1 as a default but supporting the ability to fall back to earlier versions if required. One thing the RFC definitions are clear to point out is that all implementations of the HTTP protocol should be backward compatible. That is to say that a browser implementing the HTTP/1.1 specification should be capable of receiving a 1.0 response from a server. Conversely, a 1.1 implementation on the server side should also be capable of responding to requests from a 1.0 browser.

It is well outside the bounds of this book to cover the HTTP protocols in huge detail, so let's concentrate on those elements most relevant to content switching.

Basic HTTP Page Retrieval

Let's start at the beginning and see how a basic browser retrieves a Web page from a Web server. The first important point to note is that a Web page is typically made up of many dozens of objects, ranging from the HTML base through to the images that are present on the page. The HTML can be thought of as the template for the page overall, instructing the browser on the layout of the text, font sizes and colors, background color of the page, and which other images need to be retrieved to make up the page.

Think of the process, taking place in the following order:

1.
Client sends a request for the required page to the Web server.

2.
The server analyzes the request and sends back an acknowledgment to the client along with the HTML code required to make the page.

3.
The client will begin interpreting the HTML and building the page.

4.
The client, in subsequent requests, will retrieve any embedded objects, such as images or other multimedia sources.

Once all elements of the page have been retrieved, the client browser will display the completed Web page. The order and timing of the process described previously depends largely on which implementation of HTTP is used—1.0 or 1.1—although all browsers work in this way of request and response.

HTTP Methods

HTTP does not only offer a mechanism for the client to receive data from the server, but also other communication types such as the passing of data from the client to the server. Such mechanisms are known within the HTTP specifications as a method. Table 3-1 shows the supported method types in HTTP/1.0 and 1.1.

Table 3-1. The HTTP Method Headers in HTTP/1.0 and HTTP/1.1
METHOD DESCRIPTION HTTP/1.0 HTTP/1.1
GET Retrieve the information specified. check mark check mark
HEAD Identical to the GET request, but the server must not return any page content other than the HTTP headers. check mark check mark
POST Allows the client to submit information to the server, used for submitting information from a form, etc. check mark check mark
PUT Allows the client to place an item on the server in the location specified.   check mark
DELETE Allows the client to delete the item specified in the request.   check mark
TRACE Allows the client to see the request it made to the server. This acts as a loopback in effect.   check mark
OPTIONS Allows the client to determine the communications options available on the server.   check mark


In terms of general Web browsing, the GET and POST methods are by far the most commonly used. For a browser to build a standard Web page, the GET method is used to retrieve each object individually, whereas for transactional Web sites implementing shopping cart style applications, the POST method will also be used.

The HTTP URL

The URL is the most important piece of information that the client browser includes in any GET request. The URL is defined as being a combination of the host where the site is located, the scheme used to retrieve the page, and the full path and filename. Optionally, the URL may include information such as the TCP port number to be used or a unique reference point within a larger page. Figure 3-1 shows the breakdown of an example URL.

Figure 3-1. An example URL and its components.


The URI is also commonly used when referencing the location of documents within HTTP. The formal definition of the difference between a URL and a URI is simple: A URI is a URL without the scheme defined.

Persistent Connections in HTTP

One of the other major differences in operation between HTTP/1.0 and HTTP/1.1 is the handling of TCP connections required to retrieve a full Web page. Given that a client will typically have to retrieve multiple objects to make up a single Web page, it is often inefficient to open and close TCP sessions repeatedly when retrieving objects from the same server. To improve the overall performance of HTTP in this instance, the protocol defines the Connection: header that communicates to the server whether the TCP session should be closed or remain open once the object has been retrieved. The Connection: header has two options:

  • Connection: Closed: The default for HTTP/1.0

  • Connection: Keep-Alive: The default for HTTP/1.1

The Closed state indicates that the server should close the TCP connection once the request has been fulfilled. The Keep-Alive state indicates that the server should keep the TCP connection open after the request has been fulfilled. Along with an obvious performance increase from removing the need to open and close TCP connections, the Keep-Alive state also allows the implementation of pipelining. Pipelining allows a client to send multiple HTTP GET requests over the same TCP connection without needing to wait for individual responses after each. Figure 3-2 shows the difference in these connection types.

Figure 3-2. The difference in TCP handling between HTTP/1.0 and HTTP/1.1.


The final piece in the puzzle of interaction between client and server is in opening multiple TCP connections. We've already seen that a client can open a persistent TCP connection to the server and pipeline HTTP requests. To further improve performance of the HTTP operation, many browsers will open several simultaneous connections. Figure 3-3 gives examples of pipelining and multiple connections.

Figure 3-3. Implementing pipelining and multiple connections as performance mechanisms.


Other HTTP Headers

The HTTP protocol includes definitions for dozens of headers that can be included in the client-to-server and server-to-client requests and responses. We will not attempt to list and describe all those available here; for a full description, the RFC for HTTP/1.0 and HTTP/1.1 offers a better source. The RFCs define a series of standard headers, which can be complemented by adding user-defined headers from either the client or server side.

As headers are ASCII readable text in every HTTP request and response pair, they can prove very useful in the implementation of content switching. Let's look at some of the HTTP headers most commonly used in content switching.

The "Accept:" Header

The client browser uses the "Accept:" header to indicate to the server which content and media types can be accepted. Examples of the "Accept:" header include:

Accept: */* Accept anything
Accept: text/plain; text/html Accept plain text and HTML
Accept: text/html; image/jpeg; image/bmp Accept HTML and JPEG and bitmap images


The "Accept:" header is useful in the context of content switching to be able to determine the capabilities of a particular client. If the client browser cannot accept images, for example, the request can be directed to a server optimized to deliver text-only versions of the Web pages.

The "Host:" Header

One of the main problems in the original HTTP/1.0 specification was that a user's request as typed into the browser (e.g., http://www.foocorp.com/index.html) would not contain the host (www.foocorp.com) element in the GET request sent to the server. This represents a problem if virtual hosting is used within a Web server farm, where the server is potentially hosting multiple Web sites and needs to use this host information to determine which path and page the user is requesting.

Within the HTTP/1.1 specification, and subsequently in many new HTTP/1.0 browsers, support was added for the "Host:" header. This allows the user's requested URL, typed into the browser, to be converted into a GET request containing the full path and filename along with the host from which the content is being fetched. The following is an example of translating a full URL into its component parts.

URL : http://www.foocorp.com/directory/somewhere/page.html

GET /directory/somewhere/page.html HTTP/1.0\r\n
Host: wwwfoocorp.com

The "Host:" header has many uses within content switching, examples of which are shown in Chapter 6, Content-Aware Server Load Balancing.

The "User-Agent:" Header

The "User-Agent:" header indicates to the server the type of browser being used by the client. The "User-Agent:" header is useful in the context of content switching as it can be used to determine the browser type used by the client and direct the request to a resource offering content optimized for such a browser. The following is an example of the "User-Agent:".

User-Agent: Mozilla/4.0(Compatible; MSIE 6.0; Windows NT 5.0)

Cookies—The HTTP State Management Mechanism

As we'll see in later chapters, one of the biggest challenges in HTTP environments, whether content switched or not, is maintaining some form of client-side state that enables Web servers and intermediary devices to recognize the client session and understand the current status of the user session. This issue was tackled in RFC 2109, which defined the use of the Set-Cookie and Cookie HTTP headers used to set and use the cookies, respectively. In HTTP, cookies take the form of a small piece of text information that is implanted into the user's browser either permanently or temporarily. The term cookie is commonly used in computing to describe an opaque piece of information held during a session and, unfortunately, seems to have no more interesting origin than that. Once the backend server has implanted the cookie into the user's browser, the information can be used for a number of different applications ranging from content personalization, user session persistence for online shopping, and the collection of demographic and statistical information on Web site usage.

The server issuing a Set-Cookie header in any HTTP response can post a cookie to the client at any time during an HTTP session. This Set-Cookie header has the following syntax:

Code View: Scroll / Show All
Set-Cookie: <name>=<value>; expires=<date>; path=<path>; domain=<domain>; secure

The name and value fields are the only ones that are mandatory when issuing a cookie. As the name suggests, these define the name of the cookie and its value, such as UserID=Phil, for example. The expires field identifies, down to the second, the date and time on which a cookie will expire and be deleted from the client computer. The path and domain fields indicate the domain, such as www.foocorp.com, and the URL, such as /home/brochures/, for which the cookie should be used. Both of these options can effectively be wild-carded by specifying foocorp.com to match www.foocorp.com and intranet.foocorp.com, for example. Finally, the secure field indicates to the client that the cookie should only be used when a secure connection (SSL secured HTTP or HTTPS) is used between the client and server. Figure 3-4 shows the interaction between a client and server as two different cookies are inserted and used.

Figure 3-4. The interaction between a client and a server when two different cookies are implanted and used.


The following code shows the HTTP responses from the server in more detail. Note that the second cookie includes the Path field, which will limit the use of the cookie to URLs requested by the user that include the string /docs.

Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Set-Cookie: UserID=Phil
    Connection: Keep-Alive\r\n
    Content-Type: text/html\r\n
    \r\n

Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Set-Cookie: UserType=Gold; Path=/docs
    Connection: Keep-Alive\r\n
    Content-Type: text/html\r\n
    \r\n

The mechanism that governs whether a cookie is permanent (i.e., stored on the hard disk of the user's machine) or temporary (i.e., removed once the user closes the browser application) is the Expires field in the Set-Cookie header. If the server does not issue an Expires directive when implanting the cookie, it is considered temporary, whereas if the Expires directive is used, then the cookie will be stored on the client machine until the expiry date has passed.

Cookies are by far one of the most useful additions made to the HTTP specifications, and as we'll see in later chapters can be used in conjunction with content switching to enable a whole host of new experience-enhancing services.

HTTP—Further Reading

It is outside the scope of this book to cover the HTTP protocol in its entirety;. the RFC for HTTP/1.1 alone is over 160 pages. For more in-depth detail on the protocol, it's worth looking at the following RFCs:

  • RCF 1945 Hypertext Transfer Protocol— HTTP/1.0

  • RFC 2068 Hypertext Transfer Protocol— HTTP/1.1

  • RFC 2109 HTTP State Management Mechanism


'Hacking' 카테고리의 다른 글

Positioning IDS Snort Sensor  (0) 2009.03.12
Snort: Monitoring Multiple Network Interfaces  (0) 2009.03.12
TCP Analysis - Section 4: TCP Flag Options  (0) 2009.03.11
Intel CPU Architecture  (0) 2009.03.11
Socket Capable Browser Plugins Result In Transparent Proxy Abuse  (0) 2009.03.10
Posted by CEOinIRVINE
l

TCP Analysis - Section 4: TCP Flag Options

Hacking 2009. 3. 11. 04:43

TCP Analysis - Section 4: TCP Flag Options

Introduction

As we have seen in the previous pages, some TCP segments carry data while others are simple acknowledgements for previously received data. The popular 3-way handshake utilises the SYNs and ACKs available in the TCP to help complete the connection before data is transferred.

Our conclusion is that each TCP segment has a purpose, and this is determined with the help of the TCP flag options, allowing the sender or receiver to specify which flags should be used so the segment is handled correctly by the other end.

Let's take a look at the TCP flags field to begin our analysis:

You can see the 2 flags that are used during the 3-way handshake (SYN, ACK) and data transfers.

As with all flags, a value of '1' means that a particular flag is 'set' or, if you like, is 'on'. In this example, only the "SYN" flag is set, indicating that this is the first segment of a new TCP connection.

In addition to this, each flag is one bit long, and since there are 6 flags, this makes the Flags section 6 bits in total.

You would have to agree that the most popular flags are the "SYN", "ACK" and "FIN", used to establish connections, acknowledge successful segment transfers and, lastly, terminate connections. While the rest of the flags are not as well known, their role and purpose makes them, in some cases, equally important.

We will begin our analysis by examining all six flags, starting from the top, that is, the Urgent Pointer:

1st Flag - Urgent Pointer

The first flag is the Urgent Pointer flag, as shown in the previous screen shot. This flag is used to identify incoming data as 'urgent'. Such incoming segments do not have to wait until the previous segments are consumed by the receiving end but are sent directly and processed immediately.

An Urgent Pointer could be used during a stream of data transfer where a host is sending data to an application running on a remote machine. If a problem appears, the host machine needs to abort the data transfer and stop the data processing on the other end. Under normal circumstances, the abort signal will be sent and queued at the remote machine until all previously sent data is processed, however, in this case, we need the abort signal to be processed immediately.

By setting the abort signal's segment Urgent Pointer flag to '1', the remote machine will not wait till all queued data is processed and then execute the abort. Instead, it will give that specific segment priority, processing it immediately and stopping all further data processing.

If you're finding it hard to understand, consider this real-life example:

At your local post office, hundreds of trucks are unloading bags of letters from all over the world. Because the amount of trucks entering the post office building are abundant, they line up one behind the other, waiting for their turn to unload their bags.

As a result, the queue ends up being quite long. However, a truck with a big red flag suddenly joins the queue and the security officer, whose job it is to make sure no truck skips the queue, sees the red flag and knows it's carrying very important letters that need to get to their destination urgently. By following the normal procedures, the security officer signals to the truck to skip the queue and go all the way up to the front, giving it priority over the other the trucks.

In this example, the trucks represent the segments that arrive at their destination and are queued in the buffer waiting to be processed, while the truck with the red flag is the segment with the Urgent Pointer flag set.

A further point to note is the existence of theUrgent Pointer field. This field is covered in section 5, but we can briefly mention that when the Urgent Pointer flag is set to '1' (that's the one we are analysing here), then the Urgent Pointer field specifies the position in the segment where urgent data ends.

2nd Flag - ACKnowledgement

The ACKnowledgement flag is used to acknowledge the successful receipt of packets.

If you run a packet sniffer while transferring data using the TCP, you will notice that, in most cases, for every packet you send or receive, an ACKnowledgement follows. So if you received a packet from a remote host, then your workstation will most probably send one back with the ACK field set to "1".

In some cases where the sender requires one ACKnowledgement for every 3 packets sent, the receiving end will send the ACK expected once (the 3rd sequential packet is received). This is also called Windowing and is covered extensively in the pages that follow.

3rd Flag - PUSH

The Push flag, like the Urgent flag, exists to ensure that the data is given the priority (that it deserves) and is processed at the sending or receiving end. This particular flag is used quite frequently at the beginning and end of a data transfer, affecting the way the data is handled at both ends.

When developers create new applications, they must make sure they follow specific guidelines given by the RFC's to ensure that their applications work properly and manage the flow of data in and out of the application layer of the OSI model flawlessly. When used, the Push bit makes sure the data segment is handled correctly and given the appropriate priority at both ends of a virtual connection.

When a host sends its data, it is temporarily queued in the TCP buffer, a special area in the memory, until the segment has reached a certain size and is then sent to the receiver. This design guarantees that the data transfer is as efficient as possible, without waisting time and bandwidth by creating multiple segments, but combining them into one or more larger ones.

When the segment arrives at the receiving end, it is placed in the TCP incoming buffer before it is passed onto the application layer. The data queued in the incoming buffer will remain there until the other segments arrive and, once this is complete, the data is passed to the application layer that's waiting for it.

While this procedure works well in most cases, there are a lot of instances where this 'queueing' of data is undesirable because any delay during queuing can cause problems to the waiting application. A simple example would be a TCP stream, e.g real player, where data must be sent and processed (by the receiver) immediately to ensure a smooth stream without any cut offs.

A final point to mention here is that the Push flag is usually set on the last segment of a file to prevent buffer deadlocks. It is also seen when used to send HTTP or other types of requests through a proxy - ensuring the request is handled appropriately and effectively.

4th Flag - Reset (RST) Flag

The reset flag is used when a segment arrives that is not intended for the current connection. In other words, if you were to send a packet to a host in order to establish a connection, and there was no such service waiting to answer at the remote host, then the host would automatically reject your request and then send you a reply with the RST flag set. This indicates that the remote host has reset the connection.

While this might prove very simple and logical, the truth is that in most cases this 'feature' is used by most hackers in order to scan hosts for 'open' ports. All modern port scanners are able to detect 'open' or 'listening' ports thanks to the 'reset' function.

The method used to detect these ports is very simple: When attempting to scan a remote host, a valid TCP segment is constructed with the SYN flag set (1) and sent to the target host. If there is no service listening for incoming connections on the specific port, then the remote host will reply with ACK and RST flag set (1). If, on the other hand, there is a service listening on the port, the remote host will construct a TCP segment with the ACK flag set (1). This is, of course, part of the standard 3-way handshake we have covered.

Once the host scanning for open ports receives this segment, it will complete the 3-way handshake and then terminate it using the FIN (see below) flag, and mark the specific port as "active".

5th Flag - SYNchronisation Flag

The fifth flag contained in the TCP Flag options is perhaps the most well know flag used in TCP communications. As you might be aware, the SYN flag is initialy sent when establishing the classical 3-way handshake between two hosts:

In the above diagram, Host A needs to download data from Host B using TCP as its transport protocol. The protocol requires the 3-way handshake to take place so a virtual connection can be established by both ends in order to exchange data.

During the 3-way handshake we are able to count a total of 2 SYN flags transmitted, one by each host. As files are exchanged and new connections created, we will see more SYN flags being sent and received.

6th Flag - FIN Flag

The final flag available is the FIN flag, standing for the word FINished. This flag is used to tear down the virtual connections created using the previous flag (SYN), so because of this reason, the FIN flag always appears when the last packets are exchanged between a connection.

It is important to note that when a host sends a FIN flag to close a connection, it may continue to receive data until the remote host has also closed the connection, although this occurs only under certain circumstances. Once the connection is teared down by both sides, the buffers set aside on each end for the connection are released.

A normal teardown procedure is depicted below:

The above diagram represents an existing connection betwen Host A and B, where the two hosts are exchanging data. Once the data transfer is complete, Host A sends a packet with the FIN, ACK flags set (STEP 1).

With this packet, Host A is ACKnowledging the previous stream while at the same time initiating the TCP close procedure to kill this connection. At this point, Host A's application will stop receiving any data and will close the connection from this side.

In response to Host A's request to close the connection, Host B will send an ACKnowledgement (STEP 2) back, and also notify its application that the connection is no longer available. Once this is complete, the host (B) will send its own FIN, ACK flags (STEP 3) to close their part of the connection.

If you're wondering why this procedure is required, then you may need to recall that TCP is a Full Duplex connection, meaning that there are two directions of data flow. In our example this is the connection flow from Host A to Host B and vice versa. In addition, it requires both hosts to close the connection from their side, hence the reason behind the fact that both hosts must send a FIN flag and the other host must ACKnowledge it.

Lastly, at Step 4, Host A willl acknowledge the request Host B sent at STEP 3 and the closedown procedure for both sides is now complete!

Summary

This page dealt with the TCP Flag Options available to make life either more difficult, or easy, depending on how you look at the picture :)

Perhaps the most important information given on this page that is beneficial to remember is the TCP handshake procedure and the fact that TCP is a Full Duplex connection.

The following section will examine the TCP Window size, Checksum and Urgent Pointer fields, all of which are relevant and very important. For this reason we strongly suggest you read through these topics, rather than skip over them.

'Hacking' 카테고리의 다른 글

Snort: Monitoring Multiple Network Interfaces  (0) 2009.03.12
HTTP HyperText Transfer Protocol (HTTP)  (0) 2009.03.11
Intel CPU Architecture  (0) 2009.03.11
Socket Capable Browser Plugins Result In Transparent Proxy Abuse  (0) 2009.03.10
Staring Into The Abyss, A Bit Before Cansec  (0) 2009.03.10
Posted by CEOinIRVINE
l

Intel CPU Architecture

Hacking 2009. 3. 11. 03:05

Intel® 64 and IA-32 Architectures Software Developer's Manuals
 
 
These manuals describe the architecture and programming environment of the Intel® 64 and IA-32 processors. Electronic versions of these documents allow you to quickly get to the information you need and print only the pages you want. At present, downloadable PDFs of Volumes 1 through 5 are at version 029 and printed manuals of version 028 will be available soon. The downloadable PDF of the Intel 64 and IA-32 Architectures Optimization Reference manual is at version 017 and the printed manual at version 017.
 
Intel® 64 Architecture x2APIC Specification
This document describes the x2APIC architecture which is extended from the xAPIC architecture. Extensions to the xAPIC architecture are intended primarily to increase processor addressability. The x2APIC architecture provides backward compatibility to the xAPIC architecture and forward extendability for future Intel platform innovations.
Download ›
(PDF 325KB)
  
 
Intel® 64 and IA-32 Architectures Application Note
TLBs, Paging-Structure Caches, and Their Invalidation
This application note is for supplemental information for the Intel® 64 and IA-32 Architectures Software Developer’s Manual Volumes 3A and 3B.
Download ›
(PDF 235KB)
  
 
Intel® 64 and IA-32 Architectures Software Developer's Manual
Documentation Changes
Describes bug fixes made to the Intel® 64 and IA-32 Architectures Software Developer's Manual between versions.
Download ›
  
 
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 1: Basic Architecture
Describes the architecture and programming environment of processors supporting IA-32 and Intel® 64 Architectures.
Download ›
(PDF 3.72MB)
Order a printed copy ›
(SKU #253665)
 
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 2A: Instruction Set Reference, A-M
Describes the format of the instruction and provides reference pages for instructions (from A to M). This volume also contains the table of contents for both Volumes 2A and 2B.
Download ›
(PDF 3.40MB)
Order a printed copy ›
(SKU #253666)
 
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 2B: Instruction Set Reference, N-Z
Provides reference pages for instructions (from N to Z). VMX instructions are treated in a separate chapter. This volume also contains the appendices and index support for Volumes 2A and 2B.
Download ›
(PDF 6.47MB)
Order a printed copy ›
(SKU #253667)
 
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 3A: System Programming Guide
Describes the operating-system support environment of an IA-32 and Intel® 64 architectures, including: memory management, protection, task management, interrupt and exception handling, multi-processor support, and thermal and power management features. This volume also contains the table of contents for both Volumes 3A and 3B.
Download ›
(PDF 8.90MB)
Order a printed copy ›
(SKU #253668)
 
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 3B: System Programming Guide
Continues the coverage on system programming subjects begun in Volume 3A. Volume 3B covers debugging, performance monitoring, system management mode, and Intel® Virtualization Technology (Intel® VT). This volume also contains the appendices and indexing support for Volumes 3A and 3B.
Download ›
(PDF 4.73MB)
Order a printed copy ›
(SKU #253669)
 
Intel® 64 and IA-32 Architectures Optimization Reference Manual
Intel® 64 and IA-32 Architectures Optimization Reference Manual provides information on Intel® Core™ processors, Intel NetBurst® microarchitecture and other recent Intel® microarchitectures. It describes code optimization techniques to enable you to tune your application for highly optimized results when run on Intel® Atom™, Intel® Core™ processors, Intel® Core™ processors2 Duo, Intel® Core™ processors Duo, Intel® Xeon®, Intel® Pentium® 4, and Intel® Pentium® M processors.
Download ›
(PDF 4.43MB)
Order a printed copy ›
(SKU #248966)
 
Intel® 64 Architecture Memory Ordering White Paper
This document has been merged into Volume 3A of Intel 64 and IA-32 Architectures Software Developer’s Manual.
 

'Hacking' 카테고리의 다른 글

HTTP HyperText Transfer Protocol (HTTP)  (0) 2009.03.11
TCP Analysis - Section 4: TCP Flag Options  (0) 2009.03.11
Socket Capable Browser Plugins Result In Transparent Proxy Abuse  (0) 2009.03.10
Staring Into The Abyss, A Bit Before Cansec  (0) 2009.03.10
Apple Airport Extreme / Time Capsule Multiple Vulnerabilities  (0) 2009.03.07
Posted by CEOinIRVINE
l

Socket Capable Browser Plugins Result In Transparent Proxy Abuse

Hacking 2009. 3. 10. 09:53

Socket Capable Browser Plugins Result In Transparent Proxy Abuse

We're pleased to announce the availability of 'Socket Capable Browser Plugins Result In Transparent Proxy Abuse'. This document outlines the abuse case in CERT's VU #435052 advisory published last month.

Abstract

"Transparent proxies allow organizations to influence and monitor the traffic from its users without their knowledge or participation. Transparent proxies act as intermediaries between a user and end destination, and aren't generally apparent to users sitting behind them. Enterprises, Hotels, and Internet Service Providers often use transparent proxy products to lower bandwidth consumption,speed up page loads for their users, and for monitoring and filtering of web surfing. When certain transparent proxy architectures are in use an attacker can achieve a partial Same Origin Policy Bypass resulting in access to any host reachable by the proxy via the use of client plug-in technologies (such as Flash, Applets, etc) with socket capabilities. This write up will describe this architecture, how it may be abused by Flash, its existence in various network layouts, and mitigations."

Download Paper: http://www.thesecuritypractice.com/the_security_practice/TransparentProxyAbuse.pdf

CERT Advisory: http://www.kb.cert.org/vuls/id/435052

'Hacking' 카테고리의 다른 글

TCP Analysis - Section 4: TCP Flag Options  (0) 2009.03.11
Intel CPU Architecture  (0) 2009.03.11
Staring Into The Abyss, A Bit Before Cansec  (0) 2009.03.10
Apple Airport Extreme / Time Capsule Multiple Vulnerabilities  (0) 2009.03.07
DLL injection Wiki  (0) 2009.03.04
Posted by CEOinIRVINE
l
◀ 이전페이지 1 ··· 11 12 13 14 15 16 17 ··· 27 다음페이지 ▶
블로그 이미지
Information Security & US & Life & Love & Fashion & Hacking & Passion hack, web security, game security, game hack, fps, ava, wow, starcraft II, soldier front, gunz, reverse engineering, SQL injection, XSS, hacking, penetration testings, IT, internet technlogoy, security, penetratoin testing, XSS, XSRF CEOinIRVINE

최근에 올라온 글

공지사항

카테고리

CEOinIRVINE (2282)
Editorials (4)
Finance & EMBA (1)
Fashion (239)
IT (215)
Hacking (266)
Online Game (17)
Vocabulary (14)
iLoveBlackberry (2)
Business (1108)
Politics (165)
US News (115)
World News (63)
Career Consulting (8)
Apple (5)
Car (13)
Travel (5)
Irvine (3)
Sports (3)
recipe (1)
Music (15)
TVs (11)
Spanish (1)
Cyber Law (1)
Perl (3)
Java (1)
Stock (1)
Artificial Intelligence (1)

태그목록

달력

«   2025/05   »
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

링크

  • Total :
  • Today :
  • Yesterday :
tistory 티스토리 가입하기!
rss

최근에 달린 댓글

최근에 받은 트랙백

글 보관함

티스토리툴바