Security Basics
Re: Eliminate iframes Jun 26 2013 10:54AM
Andre Silaghi (andre silaghi googlemail com) (1 replies)
Re: Eliminate iframes Jun 26 2013 01:44PM
Joshua Trabing (j_trabing me com)

NoScript works well. Scales laterally by following the uses out of the work place also.

Josh

On Jun 26, 2013, at 4:54 AM, Andre Silaghi <andre.silaghi (at) googlemail (dot) com [email concealed]> wrote:

> Thank you Terrence,
>
> indeed it is cheap but costs will grow because you have to maintain
> the regex pattern list. I think of something which is driven by
> communities or companies although I find it quite dangerous to trust
> the community or company. But I guess there is no other cheap way
> around this.
>
> best regards
> andré
>
> 2013/6/21 Terrence O'Connor <terrence.oconnor (at) gmail (dot) com [email concealed]>:
>> You could setup a scanning reverse proxy that checks for that regex pattern
>> and blocks those types of requests. That's the cheap solution.
>>
>> --
>> Terrence O'Connor
>>
>> On Friday, June 21, 2013 at 9:31 AM, Andre Silaghi wrote:
>>
>> hi community,
>>
>> I am curious about your way of getting rid of iframes within large -
>> enterprise - networks. The problem is that a couple of websites are
>> trying to infect you using drive-by downloads mostly via iframes
>> within hijacked websites. The firewalls will not do it since it
>> operates only in osi level 3 or 4 but not within the application level
>> where iframes are usually transfered via http.
>>
>> Is there any solution you could propose?
>>
>> best regards,
>> andré
>>
>> ------------------------------------------------------------------------

>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an SSL
>> certificate. We look at how SSL works, how it benefits your company and how
>> your customers can tell if a site is secure. You will find out how to test,
>> purchase, install and use a thawte Digital Certificate on your Apache web
>> server. Throughout, best practices for set-up are highlighted to help you
>> ensure efficient ongoing management of your encryption keys and digital
>> certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>> ------------------------------------------------------------------------

>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus