~jpastuszek/blog

d206843a4b4894b929ada1185ecbd0ce91a51bb6 — Jakub Pastuszek 3 years ago 45274e4
added NAT Slipstreaming link
2 files changed, 19 insertions(+), 1 deletions(-)

M content/2020-08-14-js/index.md
M content/security-mess/index.md
M content/2020-08-14-js/index.md => content/2020-08-14-js/index.md +6 -1
@@ 7,7 7,7 @@ categories = ["web"]

[extra]
image = "js-robot.jpg"
image_alt = "Work in progress"
image_alt = "JavaScript logo in a cup"
image_credit = "<a href=\"https://www.flickr.com/photos/8395214@N06\">'Cowboy' Ben Alman</a> / CC BY-NC-ND 2.0"
+++
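Review bot: The `image_alt` edit in the `[extra]` block (the "Work in progress" / "JavaScript logo in a cup" pair) is unrelated to the commit subject "added NAT Slipstreaming link". Move it to its own commit or mention it in the message, so the alt-text change can be found in the history later.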



@@ 117,6 117,7 @@ For some recent examples see:
 * [List of well-known web sites that port scan their visitors](https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/)
 * [Apple declined to implement 16 Web APIs in Safari due to privacy concerns](https://www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/)
 * [Web Browsers still allow drive-by-downloads in 2020](https://www.bleepingcomputer.com/news/security/google-chrome-adding-malicious-drive-by-downloads-protection/)
 * [NAT Slipstreaming](https://github.com/samyk/slipstream) is a recent attack (as of Nov 2020) that "allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website."

## Malicious script delivery vectors
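Review bot: The new NAT Slipstreaming bullet calls it "a recent attack (as of Nov 2020)", wording that will age, and it is the only entry in this list that is more than a linked title. Consider dropping "recent" and keeping only the date, and saying that the quoted sentence comes from the linked project page so the quotation has a visible source.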



@@ 255,6 256,10 @@ If you want to present a content that is indexable, searchable, navigable and re

When you are browsing the internet make sure you use proper tools to stay safe and encourage safe website designs with your choices and feedback.

# Updates to this article

* 2020-11-11 - Added note about NAT Slipstreaming

[glibc]: https://www.gnu.org/software/libc/
[Backdoors]: https://en.wikipedia.org/wiki/Backdoor_(computing)
[Trojans]: https://en.wikipedia.org/wiki/Trojan_horse_(computing)
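Review bot: The added `# Updates to this article` is a top-level heading, while the section heading visible earlier in this file is second-level (`## Malicious script delivery vectors`). Use `## Updates to this article` so the changelog sits at the same level as the other sections instead of starting a new top-level heading at the end of the post.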

M content/security-mess/index.md => content/security-mess/index.md +13 -0
@@ 1,3 1,16 @@
+++
title = "TBD"

[taxonomies]
tags = []
categories = []

[extra]
image = "../wip.jpg"
image_alt = "Work in progress"
+++


After reading about object-capability systems and hearing from Christopher Webber, reading papers like

https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf
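Review bot: The front matter added to content/security-mess/index.md sets `title = "TBD"` with empty `tags` and `categories`, and nothing in it marks the page as a draft, so this placeholder may be published along with the rest of the content. The body below it is an unfinished sentence followed by a bare URL, and the file is unrelated to the commit subject. Either mark the page as a draft, if the site generator supports that, or leave this file out of the commit until it has a title and a complete first paragraph.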