Drive-By Software Installs, Now in Ubuntu!
As a product of my insomnia I came across a digg article outlining a feature of Ubuntu called apturl. Apparently apturl allows you to install software via apt in Ubuntu by adding the “apt” protocol handler. So a link to “apt:gnome-main-menu” will install the Gnome main menu software. The interesting part here is that you can force browse a user into visiting the “apt” URI by using an iFrame. Granted, a warning box pops up asking you if you’d like to install the packages, but I’d imagine you can bypass this behavior (it being 2:14 am my passion to do research …
When securing your application isn’t enough
I’d like to bring up the recently discovered and still fairly ill-defined strain of malware dubbed the “random js rootkit” to our web friends out there. It is a quick lesson for the uninitiated in just how vicious the “bad guys” out there are in this day and age, and how you really need to be looking at the overall picture for securing your applications. We here at onelittlewindow are known for being outspoken about trying to raise consciousness in the area of securing web applications. But really, underlying that message is one of a broader nature — that really, …
