[HardOCP] 685 Million Users Exposed to XSS Attacks Due to Flaws in Branch.io Service - Page 2 - Overclock.net - An Overclocking Community

Forum Jump: 

[HardOCP] 685 Million Users Exposed to XSS Attacks Due to Flaws in Branch.io Service

Reply
 
Thread Tools
post #11 of 13 (permalink) Old 10-17-2018, 08:02 PM
New to Overclock.net
 
prjindigo's Avatar
 
Join Date: Mar 2011
Posts: 1,664
Rep: 152 (Unique: 89)
Quote: Originally Posted by Flames21891 View Post
Okay, sorry to bug you guys once more but I'm about to learn something it seems and I just want to make sure I'm getting it right.

So a modern WAF is capable of keeping kind of a fingerprint database of XSS behavior so that it can detect common attack vectors, which you can then configure an ACL to actually handle (allow, deny or log) and the reason we know that one either wasn't being used or was very poorly configured is that this DOM XSS attack isn't a new or particularly special method of XSS and should have easily been picked up or blocked by a decent WAF. That about cover it?
They won't grasp the concept that it's as old as 98SE because it doesn't come with a click-box.
prjindigo is offline  
Sponsored Links
Advertisement
 
post #12 of 13 (permalink) Old 10-23-2018, 09:48 PM
Old to Overclock.net
 
xJumper's Avatar
 
Join Date: Jan 2008
Posts: 1,912
Rep: 103 (Unique: 92)
Another reason to be using No Script/uBlock/uMatrix and blocking most if not all scripts/remote content/etc...

362436
(15 items)
CPU
AMD Ryzen 5 1600
Motherboard
Asus Prime X370-A AMD Ryzen AM4 DDR4
GPU
Gigabyte GeForce GTX 950
RAM
2x Corsair Valueselect 8GB 288 Pin DDR4 SDRAM DDR4 @ 2133
Hard Drive
Corsair Force LS 2.5" 120GB SATA III MLC SSD
Optical Drive
Lite-On 24X SATA DVD/RW Optical Drive
Power Supply
Corsair RM550x 550W 80 Plus Gold
Cooling
Noctua NH-L9A-AM4 Low-Profile
Case
Antec NSK4100 Steel ATX Mid Tower
Operating System
Mint 18.2 x64
Monitor
HP 24" LCD/LED 1920x1080
Keyboard
IBM PC-AT
Mouse
Logitech G5
Audio
Sennheiser HD650
Audio
Asus Essence STX II
▲ hide details ▲


xJumper is offline  
post #13 of 13 (permalink) Old 10-23-2018, 11:16 PM
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,522
Rep: 432 (Unique: 298)
Quote: Originally Posted by JedixJarf View Post
https://aws.amazon.com/about-aws/wha...tch-condition/ Here is some super high level basic info, but it paints the narritive.
So it's not a solution, just a way to monitor XSS injection scripts and try to prevent mass scripting?
Seems like a bandaid really.


Defoler is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off