Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New attack exploits virtually all intranets, VPNs

redsoxh8r (1126731) writes | more than 5 years ago

Security 1

redsoxh8r (1126731) writes "Security researcher Robert Hansen, known as Rsnake, has developed a new class of attacks that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: "The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software. "If you're even vaguely clever, developing this might take you two hours. It's not that difficult," said Robert Hansen, the researcher who wrote about the attacks in a white paper published this week, called "RFC1918 Caching Security Issues.""
Link to Original Source

cancel ×

1 comment

Sorry! There are no comments related to the filter you selected.

Thanks IETF!! (1)

Trailrunner7 (1100399) | more than 5 years ago | (#28284207)

I think this is similar to a problem that networking people have been dealing with for like 15 years. The main problem is in the RFC, which was written before there were hundreds of millions of machines on the interwebs.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?