[Emerging-Sigs] A modest proposal: obfuscated javascript...
Scott Melnick
duckie37 at gmail.com
Fri Mar 14 16:49:19 EST 2008
On Fri, Mar 14, 2008 at 12:20 PM, David Glosser <david.glosser at gmail.com>
wrote:
> I wasn't even thinking of rules, I was thinking of "challenging" the
> googles of the world not to index these sites (and by extension sites
> which have been defaced), and "challenge" the firefox builders (and
> IE) not to have their browser process obfuscated javascript.
>
But what about the legitimate sites that are using packers to shorten their
code? CNN, etc. It would be too much heat for them to start X'ing them out.
>
> But IDS rules, and maybe a firefox/IE plugin would be interesting....
>
>
A HIDS type of plugin to unpack JS and check it before executing would be
cool. I know that some people are talking about building this into a proxy
type IDS systems.
Scott Melnick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20080314/f31db275/attachment.html
More information about the Emerging-sigs
mailing list