Bugtraq mailing list archives
Re: Firekeeper - IDS for Firefox available
From: Jan Wrobel <wrobel () blues ath cx>
Date: Sun, 11 Mar 2007 12:16:34 +0100
On Fri, 9 Mar 2007, Bob Beck wrote:
* Jex <hewhohuntscats () gmail com> [2007-03-09 13:27]: ...rules similar to Snort ones to describe browser based attack attempts. All incoming HTTP and HTTPS traffic is scanned with these rules. HTTPS and compressed responses are scanned after decryption/decompression.So the next snort style overflow/format string/etc bug from all that string bashing code going on in the ids can now let the attacker compromise a process with access to my https stream decrypted - probably on an already convieniently open descriptor. Yeah. Baby. "Web Browers are Bloated Fscking Monsters that are full of bugs" "Lets add more code to look for people exploiting the bugs - of course this code won't have bugs.."
Isn't it the case with every software created to add some protection to you computer? Firewalls, antiviruses, IDSes etc. are all adding code to your operating system that may, in the future, be found vulnerable to some attack. It is just the question whether protection they provide compensates additional threat they may introduce. Jan Wrobel
Current thread:
- Firekeeper - IDS for Firefox available Jan Wrobel (Mar 07)
- Re: Firekeeper - IDS for Firefox available Jex (Mar 09)
- Re: Firekeeper - IDS for Firefox available Bob Beck (Mar 10)
- Re: Firekeeper - IDS for Firefox available Jan Wrobel (Mar 13)
- Re: Firekeeper - IDS for Firefox available Bob Beck (Mar 13)
- Re: Firekeeper - IDS for Firefox available Gadi Evron (Mar 15)
- Re: Firekeeper - IDS for Firefox available Bob Beck (Mar 10)
- Re: Firekeeper - IDS for Firefox available Jan Wrobel (Mar 13)
- Re: Firekeeper - IDS for Firefox available Jex (Mar 09)
- <Possible follow-ups>
- Re: Re: Firekeeper - IDS for Firefox available irondell (Mar 13)