OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] Anonymizing RFI Attacks Through Google

From: Dave \ (davek_throwawayhotmail.com)
Date: Thu Nov 23 2006 - 08:15:48 CST


Gadi Evron wrote:
> Noam Rathaus on using Google to anonymize attacks on websites:
> http://blogs.securiteam.com/index.php/archives/746

> By placing a URL on any web page, Google will find it, visit it and
> then index it. With this mechanism, it is possible to anonymize
> attacks on third party web sites through Google by the use of its
> crawler.

  This technique was described by Michal Zalewski in Phrack years ago.

http://www.phrack.org/archives/57/p57-0x13

    cheers,
      DaveK
--
Can't think of a witty .sigline today....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/