Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Exploit Uses JavaScript To Compromise Intranets, VPNs

Posted by timothy on from the criminal-enterprises-deal-in-cache dept.

redsoxh8r writes "Security researcher Robert Hansen, known as Rsnake, has developed a new class of attack that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: 'The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software.'"

4 of 87 comments (clear)

  1. Phew! by unifyingtheory · · Score: 5, Funny

    Good thing I don't use the Internet.

  2. Straight from the horse mouth by Saija · · Score: 5, Informative

    here

    --
    Slashdot ya no es que lo era! ;)
  3. o..k by QuantumG · · Score: 5, Informative

    Yes, if you control the server end of a VPN connection you can tell the other end what to route you.. assuming the client has been configured that way. Why are VPN connections configured that way? Because the admin is considered the trusted party. The user (typically an employee) trusts the admin to be more secure than he is.

    If the server was setup to route whatever the client said to route, that would be bad, but it's mostly not the case.

    --
    How we know is more important than what we know.
  4. I don't see any actual erxploit here by brunes69 · · Score: 5, Insightful

    All it is is a pretty wild theory that an exploit could occur... and there are a vast number of increasingly unlikely events that have to transpire for it to happen.

    a) Your browser has to have unpatched remote script injection exploits.

    b) You have to be using VPN to connect to *an untrusted network*. This is the opposite of what you normally use VPN for

    c) Once connected to this insecure network via VPN, you have to for some reason visit a page on it that shares the IP address as another web server in your network. As well, the person who is hosting the exploit script on this page (that they are trying to cache) has to also know the name of the exact same script file *on your network*, so that the cache will pick it up the next time you connect to your own resources.

    To me, all seems very unlikely. Sure, you could do this in a lab environment, but in the real world, if a would-be-intruder already knew that much about your network, and you are for some reason VPN'ing into a network that they control, then you likely have bigger issues with physical security and meat-space trust relationships in our business, and are already screwed over.