Home page logo
/

basics logo Security Basics mailing list archives

Re: Eliminate iframes
From: Joshua Trabing <j_trabing () me com>
Date: Wed, 26 Jun 2013 07:44:17 -0600


NoScript works well. Scales laterally by following the uses out of the work place also. 


Josh



On Jun 26, 2013, at 4:54 AM, Andre Silaghi <andre.silaghi () googlemail com> wrote:

Thank you Terrence,

indeed it is cheap but costs will grow because you have to maintain
the regex pattern list. I think of something which is driven by
communities or companies although I find it quite dangerous to trust
the community or company. But I guess there is no other cheap way
around this.

best regards
andré

2013/6/21 Terrence O'Connor <terrence.oconnor () gmail com>:
You could setup a scanning reverse proxy that checks for that regex pattern
and blocks those types of requests.  That's the cheap solution.

--
Terrence O'Connor

On Friday, June 21, 2013 at 9:31 AM, Andre Silaghi wrote:

hi community,

I am curious about your way of getting rid of iframes within large -
enterprise - networks. The problem is that a couple of websites are
trying to infect you using drive-by downloads mostly via iframes
within hijacked websites. The firewalls will not do it since it
operates only in osi level 3 or 4 but not within the application level
where iframes are usually transfered via http.

Is there any solution you could propose?

best regards,
andré

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]