Spyware Warrior

[mikey]

Does anyone know of any highjacking exploit that Prox didn't already have a cure for, including the new iFrame vulnerability, before they became known?

I've tested/defined many highjackers in the past couple of years but I don't remember even one that didn't require me to bypass Prox in order to pull from the source.

Our sys are protected in other ways as well but I'd be very curious to know if there are any highjack vulnerabilities that weren't dealt with by Prox alone. Anyone know?
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[Scaramouche]

Proxomitron is one of those perfect applications; it's a relatively simple implementation that's capable of incredibly complicated things. I was really said to hear first that the author wasn't maintaining it and second that he died :(

Theoretically speaking, you're right. Since proxomitron is a highly configurable software proxy it can intercept basically any code before execution and change it to harmless comments (or a non sequiter, like a picture of a giraffe smoking). The problem lay in keeping up with the exploits filter-wise, as well as obfuscated code, hidden domains, etc. I think proxomitron can currently protect you pretty thoroughly if you're willing to put a lot of work into maintaining your filters. Basically if it's launched from a web page (and not by port scanning/telnet abuse/etc) proxomitron can probably protect you.
_________________
---
My comments represent my own opinions and research.

[mikey]

I don't really spend much time on my scripts/filters. I wrote a simple filter a couple months ago to thwart the ad rotation js on a site I frequent but generally, I just don't spend much effort on it. I don't usually need new scripts for much as I use Prox in conjunction with AdShield and AS allows me to just 'click away' any content I don't wish to ever see again. The script I just mentioned took about 30secs to write the matching expression for and load. I spend much greater resources playing with my PAC files.

Anyway, I'm still curious to know if there is any highjacking exploit out there that isn't handled by the filters already included in Prox. Anyone know of one?
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[mikey]

You know, I still, even after all this time, have no answer to this question because I've never seen one.

It comes with 6 levels of precfged scripts depending on your particular comfort level. There are many folks around who actively create new cfgs and blocklists. There are also several forums around that are dedicated to it's use and maintenace.

Before you spout the common misinfo about it being obsolete now, you should know that I have it running at startup in my brand new 64bit W7U.

I even have Fiddler set to automatically chain to it whenever Fiddler starts. Whether I want raw data from Fiddler or not is as easy to handle as clicking the bypass button in Prox.

If you're interested, just do a search for ' Proxomitron Naoko 4.5m '.
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-