different ways to trick browsers into letting hackers do things that they
should not be allowed to do. Some of them have to do with URIs.
Black Hat, security researchers Nathan McFeters and Rob Carter argued that URI
exploitation is an area that is still ripe for further analysis and
exploitation.
example http:// for web and ftp:// for FTP. Other common URIs are AIM:// for
instant messaging and firefoxurl:// for loading a Firefox browser.
registered on your system can be interacted with by a browser. Application
developers commonly create URI hooks into their apps. Sometimes those URI hooks
can be used by an attacker to do ‘bad’ things.
hook is Google’s Picasa photo application. That’s where the T-bAG (trust-based
applet attack) comes in. The attack involves a user clicking on a Picasa URI
(Picasa://) that causes a button to be loaded inside of a user’s Picasa
application. In a nutshell, when the button is clicked, the user’s images can be
stolen by the attacker.
note that Google has now mostly fixed the URI issue by doing additional URI
bound and validation checks.
called ‘Stupid IM Tricks’ where, by taking advantage of IM URIs, he could trigger
a message to be sent from a victim’s machine.
dead easy to do, in my opinion.
target-rich environments that affect Windows, Linux and Mac. To make matters
even worse, McFeters argued that in many cases there is no need for the URI
(which could lead to an exploit) to exist in the first place.
real reason why we need protocol handlers; most aren’t really useful,”
McFeters said.
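
An added example, not part of the original article or the researchers' talk: one way to inventory which URI schemes are registered on a Linux desktop, so handlers nobody needs can be reviewed and removed. It assumes the freedesktop convention of declaring handlers as `x-scheme-handler/<scheme>` in a `.desktop` file's `MimeType` key; the `EXPECTED` allowlist and the sample entries are constructed for illustration.

```python
import glob

# Assumed audit policy: schemes a desktop is expected to need. Adjust locally.
EXPECTED = {"http", "https", "ftp", "mailto"}

def scheme_handlers(desktop_text):
    """Return (schemes, exec_line) from the [Desktop Entry] group of a .desktop file."""
    schemes, exec_line, in_entry = [], "", False
    for raw in desktop_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only the main group counts; [Desktop Action ...] groups are skipped.
            in_entry = (line == "[Desktop Entry]")
            continue
        if not in_entry or "=" not in line or line.startswith("#"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "MimeType":
            for mime in value.split(";"):
                if mime.startswith("x-scheme-handler/"):
                    schemes.append(mime.split("/", 1)[1].lower())
        elif key == "Exec":
            exec_line = value
    return schemes, exec_line

def audit(entries, expected=EXPECTED):
    """entries: {name: file text}. Return sorted (scheme, app, exec) rows not in the allowlist."""
    rows = []
    for name, text in entries.items():
        schemes, exec_line = scheme_handlers(text)
        rows += [(s, name, exec_line) for s in schemes if s not in expected]
    return sorted(rows)

# Constructed sample entries (not taken from any real package).
SAMPLE = {
    "browser.desktop": "[Desktop Entry]\nName=Browser\nExec=browser %u\n"
                       "MimeType=text/html;x-scheme-handler/http;x-scheme-handler/https;\n",
    "photoapp.desktop": "[Desktop Entry]\nName=PhotoApp\nExec=photoapp --open %U\n"
                        "MimeType=image/jpeg;x-scheme-handler/photoapp;\n"
                        "[Desktop Action New]\nExec=photoapp --new\n",
    "chat.desktop": "[Desktop Entry]\nExec=chat %u\nMimeType=x-scheme-handler/AIM;\n",
}

if __name__ == "__main__":
    entries = dict(SAMPLE)
    for path in glob.glob("/usr/share/applications/*.desktop"):
        with open(path, encoding="utf-8", errors="replace") as fh:
            entries[path] = fh.read()
    for scheme, app, exec_line in audit(entries):
        print(f"{scheme}://  ->  {app}  ({exec_line})")
```

Each row it prints is a scheme a web page could ask the browser to hand to a local application, along with the command line that would receive the attacker-influenced URI.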