What is Digg?6 Comments
- f3l1x, on 10/10/2007, -0/+3I've seen this before. They do common javascript attacks but xor encrypt the script with the length as the key. then hex encode that string into a var. the run functions to unescape and eval xor with the string length as the key. I've written IDS signatures for this activity already but that's not to say this is entirely detectable. best bet is to be able to disable specific javascript functions like xor and hex functions. (webkit dev or grease monkey scripts).
So in short, this is nothing new... but still beware because its not like anyone has done anything about it. - arunforce, on 10/10/2007, -0/+2Someone JUST thought of dynamically naming a function...?
- dsn0wman, on 10/10/2007, -1/+3Say goodbye to signature based anti-virus software. Whoo Hoo!
- ftbl52, on 10/10/2007, -0/+1I love my NoScript.
- themilk, on 10/10/2007, -0/+1i wish it would say what active x control is affected. are there any programs that will run a browser in a sandbox environment or something?
- Tippis, on 10/10/2007, -0/+1In the meantime, I'm happy I've turned off iframes ;P
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is