Security Basics
Re: Eliminate iframes Jun 26 2013 10:54AM
Andre Silaghi (andre silaghi googlemail com) (1 replies)
Thank you Terrence,

indeed it is cheap but costs will grow because you have to maintain
the regex pattern list. I think of something which is driven by
communities or companies although I find it quite dangerous to trust
the community or company. But I guess there is no other cheap way
around this.

best regards
andré

2013/6/21 Terrence O'Connor <terrence.oconnor (at) gmail (dot) com [email concealed]>:
> You could setup a scanning reverse proxy that checks for that regex pattern
> and blocks those types of requests. That's the cheap solution.
>
> --
> Terrence O'Connor
>
> On Friday, June 21, 2013 at 9:31 AM, Andre Silaghi wrote:
>
> hi community,
>
> I am curious about your way of getting rid of iframes within large -
> enterprise - networks. The problem is that a couple of websites are
> trying to infect you using drive-by downloads mostly via iframes
> within hijacked websites. The firewalls will not do it since it
> operates only in osi level 3 or 4 but not within the application level
> where iframes are usually transfered via http.
>
> Is there any solution you could propose?
>
> best regards,
> andré
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Eliminate iframes Jun 26 2013 01:44PM
Joshua Trabing (j_trabing me com)


 

Privacy Statement
Copyright 2010, SecurityFocus