He compromised the server(s) at the ad network we were using at the time, and simply served up his ad instead of the usual ones.

BB

Ryan Barnett wrote:

> I believe that the SecurityFocus "defacement" by FluffiBunni a few
> years back would be an example of the defacement attack that Michael
> listed in his article. The concept was that SF had a trust
> relationship with the company that was rotating their banners and FB
> replaced the expected image with the defaced one. I don't remember
> the exact details on how the banner images were fed in (vs.
> Hotlinking, etc...)
>
> Does anyone have specific info from that defacement?
>
> Isn't this somewhat related to the same trust issues with RSS feed attacks?
>
>
> On 4/16/07, pdp (architect) <pdp.gnucitizen@xxxxxxxxxxxxxx> wrote:
>> http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell/
>> http://michaeldaw.org/papers/hotlink_persistent_csrf/
>>
>> I would like to bring your attention to a topic that has been rarely
>> discussed. I am going to talk about hotlinks, redirections and of
>> course CSRF (Cross-site Request Forgery).
>>
>> When we talk about CSRF we often assume that there is one kind only.
>> After all, what else is in there when CSRF is all about making GET or
>> POST requests on behalf of the victim? The victim needs to visit a
>> page which launches the CSRF exploit. If the victim happens to have an
>> established session with the exploited application, the attacker can
>> perform the desired action like resetting the login credentials, for
>> example.
>>
>> However, CSRF can be as persistent as persistent XSS (Cross-site
>> Scripting) is and you don't need XSS to support it. Persistent CSRF is
>> not dependent on persistent XSS.
>>
>> I hope that you find the post useful.
>>
>> --
>> pdp (architect) | petko d. petkov
>> http://www.gnucitizen.org
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
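The thread describes a hotlinked banner image being redirected by a third party to a state-changing URL on an application the victim is logged into. The following is an added example, not code from the thread or from gnucitizen.org, showing the server-side checks that make such a request fail: the endpoint names, the in-memory session store and the `Request` shape are constructed for illustration.

```python
"""Server-side checks against the hotlink/redirect form of CSRF: a
trusted page embeds <img src="third-party-banner">, and the third party
answers with a 302 to a state-changing URL on our application.
Example code, not from the original thread; endpoints and the session
store are made up."""
import hmac
import secrets
from dataclasses import dataclass, field

# Endpoints that change state. Constructed for this example.
STATE_CHANGING = {"/account/reset_password", "/account/email"}

# Constructed in-memory session store: session id -> per-session CSRF token.
SESSIONS = {"sess-victim": {"csrf": secrets.token_urlsafe(32)}}

@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

def evaluate(req: Request) -> str:
    """Return 'allow' or a 'deny: <reason>' string for a request."""
    if req.path not in STATE_CHANGING:
        return "allow"                     # read-only endpoints are out of scope
    # 1. An <img> load, and any redirect it follows, can only produce a GET.
    if req.method != "POST":
        return "deny: state change requested via GET"
    # 2. Fetch Metadata: browsers mark cross-site subresource loads, and
    #    Sec-Fetch-Site accounts for every hop of a redirect chain.
    site = req.headers.get("Sec-Fetch-Site")
    if site not in (None, "same-origin", "none"):   # None = legacy browser
        return f"deny: Sec-Fetch-Site={site}"
    if req.headers.get("Sec-Fetch-Dest") in ("image", "script", "style", "font"):
        return "deny: request issued as a subresource load"
    # 3. Synchronizer token bound to the caller's session; the hotlinked
    #    image cannot read or supply it.
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return "deny: no session"
    if not hmac.compare_digest(req.form.get("csrf", ""), session["csrf"]):
        return "deny: missing or wrong CSRF token"
    return "allow"

def hotlink_redirect_request() -> str:
    """What the browser sends when the banner <img> is 302'd to our
    reset endpoint: GET, image destination, session cookie attached."""
    return evaluate(Request("GET", "/account/reset_password",
        headers={"Sec-Fetch-Dest": "image", "Sec-Fetch-Site": "cross-site",
                 "Sec-Fetch-Mode": "no-cors"}, cookies={"sid": "sess-victim"}))

def legitimate_form_post() -> str:
    """The application's own form submission, carrying the session token."""
    return evaluate(Request("POST", "/account/reset_password",
        headers={"Sec-Fetch-Dest": "document", "Sec-Fetch-Site": "same-origin"},
        cookies={"sid": "sess-victim"},
        form={"csrf": SESSIONS["sess-victim"]["csrf"], "new_password": "x"}))
```

Each check alone stops the image-redirect variant; together they also cover a cross-site form POST and a browser that does not send Fetch Metadata.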