Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Firefox and Denial of Service attacks
7 views
Skip to first unread message
Paul Magnussen
Oct 7, 2012, 12:39:26 PM10/7/12
to
BACKGROUND
The Weston A. Price Foundation is an organisation devoted to healthy
nutrition, and consequently it has trodden on a lot of large industrial
toes.
PROBLEM
I've been using the Foundation's website for several years; but
yesterday when I tried to go there, I got a "Reported Attack page"
dialogue from Firefox (3.6.28).
"This web page at www.westonaprice.org has been reported as an attack
page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use
your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many
are compromised without the knowledge or permission of their owners."
The only way I could get past this was to turn off the "Block reported
attack sites" option in Preferences, which in something that in general
I don't wish to do.
SOLUTION?
It appears from posts in the Foundation's newsletter that this is some
kind of Denial of Service attack, sparked by a post that went viral
about the health problems caused by soy.
So my questions to this group are (assuming that the above diagnosis is
correct):
* How is this attack achieved?
* How can I get round it safely?
* What (if anything) can WAPF do about it?
Thanks
Paul Magnussen
The Weston A. Price Foundation is an organisation devoted to healthy
nutrition, and consequently it has trodden on a lot of large industrial
toes.
PROBLEM
I've been using the Foundation's website for several years; but
yesterday when I tried to go there, I got a "Reported Attack page"
dialogue from Firefox (3.6.28).
"This web page at www.westonaprice.org has been reported as an attack
page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use
your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many
are compromised without the knowledge or permission of their owners."
The only way I could get past this was to turn off the "Block reported
attack sites" option in Preferences, which in something that in general
I don't wish to do.
SOLUTION?
It appears from posts in the Foundation's newsletter that this is some
kind of Denial of Service attack, sparked by a post that went viral
about the health problems caused by soy.
So my questions to this group are (assuming that the above diagnosis is
correct):
* How is this attack achieved?
* How can I get round it safely?
* What (if anything) can WAPF do about it?
Thanks
Paul Magnussen
Wes Groleau
Oct 7, 2012, 1:05:05 PM10/7/12
to
On 10-07-2012 12:39, Paul Magnussen wrote:
> * How is this attack achieved?
Bad guys forge a malware detection message to the Firefox database
> * How is this attack achieved?
(probably did the Google DB as well).
> * How can I get round it safely?
consulting Firefox.
or
2. Set it so that Firefox asks you every time instead of
just blocking--and train yourself to accept ONLY WAPF.
But keep in mind the possibility that they were actually hacked and DO
contain malware. Some Russian criminals somehow managed to turn one of
my websites into a phishing site for a day.
> * What (if anything) can WAPF do about it?
way to prevent it.
--
Wes Groleau
You're all individuals!
Yes, we're all individuals!
You're all different!
Yes, we are all different!
I'm not!
("Life of Brian")
Kevin McMurtrie
Oct 13, 2012, 2:20:25 PM10/13/12
to
In article <FK6dnbLswYejLezN...@earthlink.com>,
The warning message is possibly legit. Low quality server software can
be made to accept or return content that hasn't been properly encoded.
This allows hackers to inject their custom HTML control elements for
hijacking visitors.
Another possibility is that the web site is using a 3rd party advertiser
or click tracker that is delegating content to hackers. Not all
advertisers are direct sellers. Some are aggregates of aggregates of
aggregates of advertisers so you never know where the injected
JavaScript will actually come from.
I don't see anything bad there now. Maybe it's fixed.
--
I will not see posts from Google because I must filter them as spam
be made to accept or return content that hasn't been properly encoded.
This allows hackers to inject their custom HTML control elements for
hijacking visitors.
Another possibility is that the web site is using a 3rd party advertiser
or click tracker that is delegating content to hackers. Not all
advertisers are direct sellers. Some are aggregates of aggregates of
aggregates of advertisers so you never know where the injected
JavaScript will actually come from.
I don't see anything bad there now. Maybe it's fixed.
--
I will not see posts from Google because I must filter them as spam
0 new messages