[lug] Web crawler advice
nate at natetech.com
Tue May 6 17:54:31 MDT 2008
karl horlen wrote:
> But how does one attach a js to an image if you don't control the page
> that loads the image? Since someone is deep linking the image from a
> page you don't own, if you don't own or control the page you can't
> insert js.
He's definitely saying the attacker owns the page the "fake" image tag
How hard is it to set up a web page on a server, put up something
"interesting" enough to the general public to get a few thousand page
views a day, and then embed evil things in it? Not very.
Now move that webserver off-shore where it's harder to get the attention
of the authorities and/or the ISP... but keep your ".com" domain name on
the foreign IP address...
You get the idea. Evil incarnate. And more common than people think,
sadly. Indiscriminate web browsing and bad browser behavior is right up
there with some of the worst real "threats" to modern computing as it
Common techniques today are starting to become things like "contained"
environments or "sandboxes" where the browser is only used/loaded inside
a virtualized OS that can be wiped and reloaded, keeping (hopefully) the
host OS safe from harm.
More information about the LUG