On Sat, 2014-08-30 at 20:18 -0700, Tod Merley wrote: > What sort of security issues are indicated by redirection? Wasn't me that suggested there were any. It were you that said you thought they were. But anyway... If you browse to your bank's domain name, they may bump you to another address of a particular page in their service. As you log in, the same thing will happen. And as you browse through their site, you may find that a link points to one page, yet you end up at another address. That's just how their site works. They never thought to start at just <http://bank.example.com/>, but set their system up to start from <http://bank.example.com/cgi/blargle-floogle>, and shove you over into that other address as a redirect. And should they re-organise some other part inside their site, instead of rewriting all the pages with the new addresses, they'll set up redirects for the server to translate the old addresses into the new ones. Some also make handy shortcuts for their customers, as a convenience to them, so they can have a string of simple addresses to tell people to use (such as bank.example.com/loans and bank.example.com/savings) that lead to much more difficult to type addresses. This is all normal stuff. On the other hand, if a hacker has got into the site, and managed to slip in a redirection that moves you way from the site's own pages, and onto the hacker's ones, that's a security issue. And if a hacker has hacked a bank, I'd abort trying to use it completely. That's something the real service has to fix up, it's not something that you could step around to keep on doing your banking. Web forums are probably more of a likely redirection issue for casual abuse. Where someone has managed to craft a post to the forum that's included some JavaScript that the forum hasn't stripped out and thrown away, and suddenly the site is sending out code that a hacker wants, instead. So, your PC help site suddenly has fake "scan your computer for viruses" and other crap attached to it. I don't have forums, or guest books, or anything that outsiders can publish to my website, but I'm forever seeing things in the logs that are malicious. They're trying to find CGI/PHP/etc scripts (that I don't have), so that they can abuse the script to do something nasty. And I find search queries that have nothing to do with my site, and referrers back to gambling or adult sites (they're just hoping that links to them might get published somewhere on the site, automatically). > What would they be doing (or not doing) in the programming from their > end which would cause this? Without seeing what they're doing, who could know? But I'm more inclined to believe in programming errors for login failure, than other things. I see the same thing when I log in to Fedora. I've typed the password perfectly, but sometimes I'm bounced back to the login page as if I've mistyped it. > > Could problems with DNS or other parts of the IP stack be involved? If you've already connected to the site, then you've got working DNS answers cached. Your browser is going to keep connecting to the same IP for the same domain name, for as long as the data is cached. Even with ridiculously short time-out periods, of a few seconds, most browsers will use what they found out, the first time, until they're closed down again. > Why would closing the browser and shutting off the machine and finding > a more secure internet connection not help? Why do you think rebooting is going to help? It's not windows, and the rest of the outside world isn't going to know whether a three minute break in trying to reconnect to a site is due to you reading a page for a long time, or you've rebooted. > > Is it possible for someone to hijack an internet connection in a way > which would allow them to see my responses to the bank/storesite but > would not allow them to receive and re-transmit to me the "my picture > and text" page? Read up about "man in the middle attacks." I'd only be trying to explain the same thing, and someone's bound to be able to explain them better than I can. > Since I am planning on using the browser (and install) only to do the > occasional internet transaction how is flushing cache and cookies > likely to help? If a browsing problem has occurred because you've cached a bad result, then flushing the cache means that your browser doesn't re-show you the bad result, but downloads fresh data. Usually, hitting the refresh button overcomes such a problem, sometimes holding down shift while reloading the page forces a cache flush and redownload of that particular page, even if caching time periods suggest your browser should simply redraw what it already had. If the server is keeping tabs of your progress with a site using cookies, and something has gone wrong, then dumping the cookies may be a simple way to wipe the slate clean, and have another go. -- tim@localhost ~]$ uname -rsvp Linux 3.15.10-200.fc20.i686 #1 SMP Thu Aug 14 16:12:39 UTC 2014 i686 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
