Socket Capable Browser Plug-ins Result In Transparent Proxy Abuse
For over a year in my spare time I've been working on a abuse case against transparent proxies at my employer, and have just released my latest paper '"Socket Capable Browser Plugins Result In Transparent Proxy Abuse". When certain transparent proxy architectures are in use an attacker can achieve a partial Same Origin Policy Bypass resulting in access to any host reachable by the proxy via the use of client plug-in technologies (such as Flash) with socket capabilities. As I outline in the paper I suspect there may be difference of opinion as to who's responsibility it is to fix the issue, but the bottom line is with certain transparent proxy products and network layouts you're safe, and others you're not.
The best part of this experience wasn't the bug itself, but the great conversations that I've had with many people in the industry. Comments welcome!
Download: http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html
Cert Advisory VU #435052: http://www.kb.cert.org/vuls/id/435052
cool stuff robert
Posted by: arshan | Mar 15, 2009 5:17:24 AM