[Emerging-Sigs] A modest proposal: obfuscated javascript...
dxp
dxp2532 at gmail.com
Fri Mar 14 19:55:20 EST 2008
There was an interesting discussion about de-obfuscating code on the
Focus-IDS mailing list (focus-ids at securityfocus.com).
The thread is "Obfuscated web
pages" (http://seclists.org/focus-ids/2008/Feb/0016.html).
On Fri, 2008-03-14 at 17:49 -0400, Scott Melnick wrote:
> On Fri, Mar 14, 2008 at 12:20 PM, David Glosser
> <david.glosser at gmail.com> wrote:
>
> I wasn't even thinking of rules, I was thinking of
> "challenging" the
> googles of the world not to index these sites (and by
> extension sites
> which have been defaced), and "challenge" the firefox
> builders (and
> IE) not to have their browser process obfuscated javascript.
>
>
> But what about the legitimate sites that are using packers to shorten
> their code? CNN, etc. It would be too much heat for them to start
> X'ing them out.
>
>
>
> But IDS rules, and maybe a firefox/IE plugin would be
> interesting....
>
>
>
>
>
> A HIDS type of plugin to unpack JS and check it before executing would
> be cool. I know that some people are talking about building this into
> a proxy type IDS systems.
>
>
>
>
> Scott Melnick
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
-=[ dxp ]=-
0xA3F3C6E3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20080314/e925b057/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20080314/e925b057/attachment.bin
More information about the Emerging-sigs
mailing list