
Security analysis of the operational programmes' websites
(Reaction to the statements of Minister Štefanov)

Author: Ondrej Jombík | Section: Press releases | Date: 2009-11-02

On 30.11.2009 the Conservative Institute presented, at a press conference, the outrageous procurement prices of the operational programmes' websites. From yesterday's statement of Minister Štefanov, in which he tried to defend the justification of the money spent, it follows that the websites in question were expensive mainly because of their security.

Discussion of the article

subject of the post

Author: vajcak | Homepage: http://web.stranka.sk | Date: 2009-12-02 20:35

I have never heard of you in my life, Mr. Expert. Too much exhibitionism is harmful. Better devote yourself to politics or to serious work. A man-in-the-middle attack can be used on any website, of course with varying difficulty. XSS occurs in almost all common CMSs, including open source ones. Of course they cannot be found in a minute.
have a nice day

 

a little calm....

Author: Lza | Date: 2009-12-02 22:25

If you want to criticize, you should do it somewhat within the bounds of decency. Nobody has heard of you either; it also strikes me that you recommend that Mr. Jombík devote himself to serious work. I would like to know your view of serious work, or whether you even know what Mr. Jombík does.

I cannot help mentioning that the vulnerability in question has nothing in common with a MITM-type attack, and MITM certainly cannot be used on "any website". You can in no case generalize XSS to MITM; there is of course a way to use XSS for a MITM-type attack, but that is miles away from the type of XSS on the mentioned sites. It is also not true that most CMSs suffer from this form of vulnerability; I know very many systems that have it handled, and indeed an XSS vulnerability can be found in a minute... even faster.

The article seems fine to me, it is not exaggerated, it points to real shortcomings in the application, even though the XSS vulnerability in question could have been described more expertly... but as I say, that was not the point of the article.

 

analysis ...

Author: Lukas | Date: 2009-12-03 00:09

The level of description of the flaws is low, but that is because the flaws are so trivial that nothing more complex is needed :)

I am quite surprised that they did not secure it against these attacks as soon as they found out it would be publicized. It must have been clear that at that moment somebody would break in. They probably had no idea what XSS is :)

Btw. someone could try to do this analysis now, after the basic fix probably downloaded from the first Google link :) The result would probably be similar, it would just take 7 minutes longer to find the flaw. An extensive CMS must be programmed with security principles in mind; hastily patching one search form is not enough ...

Re XSS and script kiddies -> this attack is so incredibly well known that yes, a script kiddie can do it. No problem. For "XSS attack example" Google spits out so many links that even my grandfather could manage it ...

Re Man In The Middle -> man, the fact that you read something on bleskovky.sk in the computers section does not mean you understand it. Please, write how you would attack via man in the middle on
https://ib.slsp.sk/main/start.do
The address itself is a hint; there has to be https for it to be worth even starting to talk about ;)

 

... analysis ...

Author: Plavec | Date: 2009-12-03 01:43

If someone is playing the security analyst here, they should present information accordingly!

When I describe an attack, I also write how the attack was carried out. The screenshot may look nice, but it has no informative value. Why, for example, is the URL not captured in it?

The XSS attack that was carried out was of the non-persistent type, which means that in order to see its result we have to know the specially crafted URL. So it cannot be reached by normal navigation on the site.

The essence was that on the page, after performing a search, the searched text in the URL was replaced with "malicious" HTML code:
"'<h1>TUNEL?</H1><img src="http://fotky.sme.sk/foto/44864/tunel?type=v&x=650&y=487">
which caused an image of a tunnel to appear in place of the printed search term.

No permanent changes occurred; the "tunnel" was accessible only at the modified URL. Nothing was actually stored in the page, only what the visitor himself brought along.

PS: I consider this article a pamphlet; no security analysis took place ...
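
As an added illustration (not code from the article or from any of the commenters), the reflected search template just described is shown next to an output-encoded version, together with a regression check of the kind Lukas asks for above: it flags any reflected parameter that comes back unencoded, not just one search form. The `search?q=` parameter name, the host and the payload are constructed for this example.

```python
"""Reflected (non-persistent) XSS in a search page: the flawed template next to a
hardened one, plus a regression check a defender can run on any rendered response."""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed test input with the same shape as the payload quoted in the post above:
# a stray quote, a heading and an image tag pointing at an external host.
PAYLOAD = '"\'<h1>TEST</h1><img src="http://example.invalid/picture.png">'


def build_search_url(term):
    """Build the 'specially crafted URL': the term travels in the q= query parameter."""
    return "http://example.invalid/search?" + urlencode({"q": term})


def search_term_from_url(url):
    """Extract the q= parameter the way the search page would (empty string if absent)."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(term):
    """Template that pastes the search term into the HTML verbatim: the flaw under discussion."""
    return f"<p>Search results for: {term}</p>"


def render_hardened(term):
    """Same template with HTML output encoding; quote=True also neutralises ' and "."""
    return f"<p>Search results for: {html.escape(term, quote=True)}</p>"


def reflects_raw_markup(term, body):
    """True when a term containing markup characters appears in the response unencoded.
    Run it against every reflected parameter, not only the one form that was reported."""
    has_markup = any(c in term for c in '<>"\'&')
    return has_markup and term in body


if __name__ == "__main__":
    url = build_search_url(PAYLOAD)
    term = search_term_from_url(url)
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        body = render(term)
        print(f"{name}: reflects raw markup = {reflects_raw_markup(term, body)}")
        print("  ", body)
```

In the hardened output the image tag survives only as literal text (`&lt;img src=&quot;...`), so the browser renders the search term instead of interpreting it.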

 

RE: ... analysis ...

Author: Igor Mino | Homepage: http://platon.sk | Date: 2009-12-03 02:48

> When I describe an attack, I also write how
> the attack was carried out. The screenshot may
> look nice, but it has no informative value.
> Why, for example, is the URL not captured in it?

Mr. Plavec, I would ask you to read the article itself *before* criticizing it. The URLs in question are published here:

http://platon.sk/article.php?72#5

Thank you

 

RE: ... analysis ...

Author: Lza | Date: 2009-12-03 10:31

Please realize that this was a POC and not a demonstration of what can be done thanks to the vulnerability. Thanks to the flaw in question, malicious attacks can be carried out against the users of the system; unfortunately the severity of XSS vulnerabilities is underestimated precisely because of a lack of in-depth knowledge of the subject.

 

RE: ... analysis ...

Author: Plavec | Date: 2009-12-03 14:32

If it was a POC, then why was the headline "security analysis"? A POC and an analysis are miles apart.
The article "sells" a product wrapped in the packaging of an expensive brand, but when you unwrap it you find it is just a repackaging of some cheap product that does not sell.
No proof of the vulnerability was needed; it was enough to name what happened and to explain the procedure/principle clearly, in words.
The author demonstrated a knowledge of translating Wikipedia, so since he was translating anyway, he could have briefly listed the types of XSS attacks and placed the attack in question within that classification.

Security analysis is not tabloid journalism ...

 

RE: ... analysis ...

Author: Lza | Date: 2009-12-03 17:40

Look, a POC is an example of a specific vulnerability, so it is not miles away from an analysis, and in this case the chosen POC was the right one; you cannot expect the POC to be, for example, a remote script that harvests cookies etc. I do not understand what you meant by the second sentence. I think that for the general public the vulnerability is explained sufficiently; in-depth definitions would be pointless, because nobody would understand them. I also think classifications would be pointless, they could be confusing. I understand your position too, but sometimes less is more :)

 

Jombo for president !!

Author: P | Date: 2009-12-19 21:53

Jombo for president !!

 

Copyright © 2002-2006 Platon Group