On Wed, 2017-01-04 at 21:33 +0000, Chris Olson wrote:
> ...... A Firefox browser on one system .....
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.
Firefox, like other web browsers, usually displays text in HTML mode.
Seeing a "link" for https://gaibacoupontec.com does not guarantee the
hidden 'A HREF' code is actually for that site.
> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes?
Yes. Alertness and improving security are continuous tasks.
SQL injection attempts, made by suffixing usually very long strings of
SQL coding to valid parameters such as domain.com/info.php?aaaa=12345,
has been popular with the Russians for at least the last few years. The
only method of preventing it compromising a site is to test the
acceptable maximum length of the parameter (in this example '12345') and
if exceeded block the IP address in iptables.
Cyber attacks are gradually replacing armed conflicts.
--
Regards,
Paul.
England, EU. England's place is in the European Union.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
