New Exploit Uses JavaScript To Compromise Intranets, VPNs
redsoxh8r writes "Security researcher Robert Hansen, known as Rsnake, has developed a new class of attack that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: 'The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software.'"
You, sir, are wrong. Define "normally used". The author seems to be a noob who thinks RFC 1918 is 10/8 and 192.168/16, and that people only use a few subnets out of this space. WRONG.
And he then says the available pool is 1280 addresses. It is not 1280 addresses, rather a figure in the millions.
Can you spell ignorant? What about short-sighted? What about naive? All 3 of those words come to mind when reading this imbecile's attempt at this supposed exploit.