There has been a lot of buzz in the last two years over web app vulnerabilities like XSS and XSRF, which has led to a frenzy of research to find new classes of vulnerabilities. I have been lucky enough to be associated with the discovery and naming of a brand new type of web application vulnerability, being called XSRR, or Cross-Site Rick Rolling.
To give you a rough breakdown, the XSRR attack is a user-assisted attack with the potential to yield full compromise of the victim's sanity. The attack consists of convincing a user to open a media file, or follow a link leading to a media file, which contains music by the all-time heavyweight MMA super champion Rick Astley.
A simple walk-through of this can be seen at this demo page.
Defenses for this new class of attacks are actively being developed, and there is currently a Firefox plugin called RickRollDB which maintains a blacklist of all known sites usable for performing XSRR. As you can see, I'm never gonna give you up, never gonna let you down; never gonna run around and desert you.
2 comments:
You'd best not be running around or deserting me, if you know what's good for you! <3 You would think that the girlfriend of the developer of such an exploit would have more sophisticated security defense mechanisms against it...
WTF, thought this was a regular blog from some smart dude that thought he got owned.
Freaking Big Ass Squirrel is going to get you if you don't update.