tag:blogger.com,1999:blog-16689853.post116008632462928891..comments2024-03-14T01:50:25.184-04:00Comments on Grumpy Tech Guy: JavaScript Intranet ScannerAleksey Linetskiyhttp://www.blogger.com/profile/05988449371728586396noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-16689853.post-81885984874690237702011-02-18T03:07:32.251-05:002011-02-18T03:07:32.251-05:00All the customers of the site scanner can also con...All the customers of the site scanner can also contact Go Daddy's Customer Security Advisers. It is a dedicated team of world class security experts available to answer questions and also provide best solutions to your problems. There is lot of customers and small businesses depend on Go Daddy as their personalized security departmentbusiness card scannerĀ http://www.scanshell-store.com/software_s2c.htmnoreply@blogger.comtag:blogger.com,1999:blog-16689853.post-1160777888802931812006-10-13T18:18:00.000-04:002006-10-13T18:18:00.000-04:00Yes, but there are quite a lot of those idiots. An...Yes, but there are quite a lot of those idiots. And they, in turn, can be used to harm even gurus.Aleksey Linetskiyhttps://www.blogger.com/profile/05988449371728586396noreply@blogger.comtag:blogger.com,1999:blog-16689853.post-1160726715827751452006-10-13T04:05:00.000-04:002006-10-13T04:05:00.000-04:00It's a bunch of HOOWY!YES it "gets" your "home" IP...It's a bunch of HOOWY!<BR/>YES it "gets" your "home" IP addess of your router..... NO, they have NOT proven that the information is even "passable" to another area/site.. AKA.. Just because I can see my info DOESN'T mean YOU can see my info.<BR/><BR/>ALSO...... Using Firefox.. It brought up my "password" prompt for my router. IF I have changed the password (some idiots or newbies don't), then NOONE can get into my router UNLESS they are willing to try to "break" my password.<BR/><BR/>TOOO much trouble for nothing. The ONLY ones who would suffer are again the IDIOTS who think they are tooo good to do what a "tech" tells them to do, OR someone that has NO IDEA how to use a router or a computer SAFELY, BUT still had one hooked up for them.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16689853.post-1160502223871718302006-10-10T13:43:00.000-04:002006-10-10T13:43:00.000-04:00Dmitriy, thanks for the great comment! I agree tha...Dmitriy, thanks for the great comment! I agree that this article is unnecessary panicky, and that it's not the end of the world. Couple of notes:<BR/><BR/>1. Java applets and Flash, while running in a browser, are running in a sandbox, which, if I remember correctly, prohibits them from connecting to any host other than the originating one. So, they are not suitable for this kind of attack.<BR/><BR/>2. As you pointed out, the script - at least in its current version - is good only to scan very simple networks with default settings - basically, we are talking of poorly configured home networks. It makes the script not very useful for any kind of targeted attack - but it's still perfectly useful for getting into a huge number of simplistic home networks. The payload, of course, should be different - you suggested one possible payload, and, probably, there might be more interesting scenarios. The problem with dynamic IP is not relevant - the broadband providers change users' IPs quite infrequently.<BR/><BR/>3. Taking all aforementioned in consideration, you may ask me - why did I pay attention to this panic? Well, I think that the most interesting thing here is that the attack is unusual and is using one of the fastest developing technologies. The situation is, in my opinion, somewhat similar to the time when the first macro virus appeared. Ther users didn't stop using Word or Excel - but there were several quite harmful pandemies and some of the security paradigms had to be changed.Aleksey Linetskiyhttps://www.blogger.com/profile/05988449371728586396noreply@blogger.comtag:blogger.com,1999:blog-16689853.post-1160147855980316582006-10-06T11:17:00.000-04:002006-10-06T11:17:00.000-04:00I am skeptical of this. How is the JavaScript supp...I am skeptical of this. How is the JavaScript supposed to get through the password and ID required to access the router settings? What point is there for someone in let's say Russia to be able to turn off your encryption? If you are running a software firewall you are still protected up to a point.Anonymousnoreply@blogger.com