Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: Valdis.Kletnieks () vt edu
Date: Tue, 30 Sep 2008 17:31:53 -0400

On Tue, 30 Sep 2008 16:30:09 EDT, Eliah Kagan said:
When a http indexing bot (like those used by Google, for instance)
comes upon a hyperlink into a page that is http authenticated, does it
follow the link and try a blank password, or does it not follow the
link? Is there some accepted standard for that?

The actual (slightly simplified) sequence of events:

1) Software (spider or browser) finds a link.
2) Software tries to follow the link.
3) The server sends back an error code that says "Nope, you need http auth here"
4a) Browser now puts up the box that asks for userid/password.
4b) spider gives up unless it's been configured to know the userid/password (for
instance, if it's a spider internal to the organization).
5) Armed with the proper userid/password, the software then makes a *second*
request for the page.

Here's another question...suppose someone finds that a Pentagon system
is open to access and modification by anyone in the world, and then
that person informs the appropriate governmental authorities rather
than accessing the system. In response to that information, wouldn't
the system administrators then **also have to investigate and then,
regardless of the outcome, flatten and rebuild the system**?

It's *possible* that upon investigation, you can prove the system wasn't in
fact compromised.  For example, if the vulnerability was *known* to have been
created last Tuesday at 10:18AM by a botched software install, and you have
router netflow and firewall logs that show *every* access to the box since
10:18AM Tuesday, then you might be able to definitively say that nothing used
the vulnerability to gain access.  This is usually a *lot* easier than
figuring out what an intruder did once they had free and unfettered access
to the system.

The details, of course, will depend on the nature of the vulnerability,
what sort of logs are kept by the organization, and how long a window has

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]