Slashdot Mirror


New Exploit Uses JavaScript To Compromise Intranets, VPNs

redsoxh8r writes "Security researcher Robert Hansen, known as Rsnake, has developed a new class of attack that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: 'The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software.'"

1 of 87 comments (clear)

  1. Re:Author of article is a fucking cunt by Anonymous Coward · · Score: -1, Flamebait

    You sir are wrong. Define "normally used". The author seems to be a noob who thinks rfc1918 is 10/8 and 192.168/16, and that people only use a few subnets out of this space. WRONG.

    And he then says the available pool is 1280 addresses. It is not 1280 addresses, rather a figure in the millions.

    Can you spell ignorant? What about short sighted? What about naive? All 3 of those words come to mind when reading this imbeciles attempt at this supposed exploit.