(anonymous guest) (logged out)

Copyright (C) by the contributors. Some rights reserved, license BY-SA.

Sponsored by the Wiki Symposium and the Nuveon GmbH.

 
View Attach Info

Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-66) was last changed on 28-Apr-2008 15:12 by YvesPiguet  

This page was created on 04-Sep-2006 02:06 by 217.162.145.188

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 56 added 2 lines
== Security ==
At line 111 added 36 lines
Sigh. This is really not the place for it, but ok, let us analyze the risk. First, let us look at similar threats present on other web pages. Then we will look at how dangerous they are. Finally we will examine ways of protecting against them.
Wiki is one kind of site that displays user-submitted content. There are other such web services too. Lets see how common the threat is:
* Most of the forum software allows users to have custom avatar icons and images in their signatures -- they are often //required// to be external images, in order to conserve the bandwidth of the site hosting the forum. Many forums also allow including images directly in the body of the post. Even if they did not, just putting an URL to the image practically guarantees that at least several people will click it. Surprisingly, so called image boards seem to be much safer, as they host the images they serve.
* Every "big and trusted" news site, web portal, etc. allows commercials that are displayed in form of banner images or even embedded objects (flash, even movies). This is not free, but pretty cheap and they don't really check their clients.
* Google images will display cached versions of images, but you're only several clicks away from displaying the real thing.
* Most internet sites have those external links, that lead to other internet sites, which can in turn contain malicious images not because they are on the wiki, but simply because they are hosted by the attacker himself. There are various redirectors, domain aliases, tinyurl-like services that will allow hiding the real url.
* There are many programs other than web browsers that will attept to download and display external images. "User friendly" mail readers, news readers, feed readers, various "ad-ware" programs that are free to use but display banners, etc.
It seems that a pretty large chunk of the Internet is buggy and requires fixing! The security threats are everywhere to get you. But lets assume that you are just a very dedicated wiki user and you don't really visit //any// web sites apart from your favorite wiki (at least not from a workstation in your top secret corporation). What can the attacker do to you?
* He can discover your IP address. Or the IP address of your gateway, if you are behind NAT in a private network, which is very likely. If you are concerned about disclosing your IP address, you use a proxy server or TOR anyways.
* If he prepared the URL so that it is unique, he can also see what page was downloaded by that IP address. Unless, of course, one of several layers of caching kicks in, in which case he will only see part of the traffic.
* He can launch some javascript script on your browser. The script can be abnoxious if you didn't disable relevant options in your browser (allow to create windows, replace popup menus, etc.) or actually, if you did enable them (they come disabled by default recently). As the script is launched from the attacker's domain, not the wiki's, it can't really steal cookies or perform actions in your name.
* If your browser has a bug, he can possibly exploit that bug. In case of Linux this probably means crashing your browser or even crashing your session. In case of Windows this probably means installing a troyan horse program or even getting administrator priviledges on your machine. This is pretty nasty, but:
** these bugs are pretty rare,
** in sane cases the patch is relesead quickly,
** if you have unpatched known security bugs in your software, you're risking by just having your computer connected to any kind of network, not just by browsing wiki pages.
* If the wiki engine uses logins //and// has a bug in its code, the attacker can intercept your password. Well, this is an instance of "if the software you use has security bugs, you're not secure".
* The attacker can include a malicious link to an evil action in your intranet application, as described in the link I gave you before. Again, this is a security bug in the application, and should be fixed there, as there are multiple other entry points for it.
If you are still concerned, your browser has an option to disable automatic loading of images. It will still display the images from your cache and those that you tell it to download. Looks like a perfect solution if you are paranoid and only want to browse the single wiki site. Modern browsers even allow you to provide a list of allowed and disallowed domains. Most firewalls allow for somethng similar too. Similarily, if you are afraid of javascript, and only browse "safe" sites without javascript, then why do you have javascript enabled at all?
To summarize:
* the threat is very widespread,
* defending from it on the user side is trivial,
* defending from it on the server side is difficult, costs resources (bandwidth and server load) and opens new opportunities for attack,
* they are out to get you.
-- RadomirDopieralski, 2007-02-15
Version Date Modified Size Author Changes ... Change note
66 28-Apr-2008 15:12 34.699 kB YvesPiguet to previous Image ref and alt
65 28-Apr-2008 13:16 34.34 kB Isonomia to previous | to last
64 28-Apr-2008 13:14 34.285 kB Isonomia to previous | to last
63 28-Apr-2008 13:11 34.188 kB Isonomia to previous | to last
62 28-Apr-2008 13:11 34.206 kB Isonomia to previous | to last
61 28-Apr-2008 13:06 34.199 kB Isonomia to previous | to last
« This page (revision-66) was last changed on 28-Apr-2008 15:12 by YvesPiguet