Cache Attack: Firefox as the New Weapon of Cyber Criminals

A web cache stores data that is automatically
downloaded so that pages load faster during your
next visit to the same site. It is a typical web
practice that normally would not warrant any
suspicion, but recent research now finds it
vulnerable to abuse that can be turned against a
website's visitors.
www.izoologic.com
  • The research team from PortSwigger Web Security,
    under the supervision of its head James Kettle,
    recently discovered a way to hack into sites by
    exploiting how web caching works.
  • By further exploiting an API for one of Mozilla
    Firefox's web cache plug-ins, Kettle described how
    DDoS attacks and credential theft could also be
    made possible.
  • Moreover, this kind of attack can make the web
    cache propagate malware or redirect unsuspecting
    victims to malicious pages by forcibly
    whitelisting suspicious URLs.

  • These were achieved through Kettle's use of
    cache poisoning, which he used to attack the
    back end of the browser that checks for and
    sends plug-in updates, as well as application
    updates.
  • "I found by accident ... that I was able to use
    cache poisoning to effectively input some limited
    commands to Firefox browser users worldwide," he
    comments. "If you opened Firefox, I got control
    of it."
  • "It's not specific to any given technology or any
    given cache," says Kettle, as he starts hacking
    away at the web caching infrastructure of a US
    government agency, a popular cloud platform
    provider, a hosting platform provider, a software
    product, a video game, an investment firm's
    investor information, and several online stores.

  • "It's sort of a design flaw in the way caching
    and websites work."
  • Fortunately, Mozilla fixed this in an update
    last January, within 24 hours of James Kettle's
    report.
  • Even though this particular issue was resolved,
    it is unlikely to remain an isolated case in the
    future.
  • Hence, users should be aware of how far web
    caching can be twisted into a threat.

  • Some tips include:
  • For companies: it is always best practice to
    block connections to the internal network from
    outside and to use corporate proxies during
    visits to outside resources.
  • It also helps to monitor traffic on the
    company's own sites: a sudden influx of visitors
    that was not forecast is normally suspicious.
  • For users: stay updated, not only on security
    software, but also on news about cyber security
    and legal privacy.

  • By Kym Patrick Benedicto

Contact Us
14 Hanover Street, W1S 1YH City of Westminster,
London UNITED KINGDOM
44 20 3734 2726
info_at_izoologic.com
www.izoologic.com