Those of us who work within DFIR have probably at some time encountered inappropriate/criminal images and had to deal with the mental issues they bring with them (if not, consider yourself lucky). Because of this fact I try as often as possible to educate young people I interact with regarding the internet and its very dark side, although without going into the full detail of the misery that exists there.
I decided I would use one of my blog posts to publish some of the advice I have gathered during my time in DFIR, in the hope that parents, carers, teachers and other people in positions of responsibility/trust might be able to use it as a resource to spread the word.
In my younger days, having a phone of your own or even access to a computer was unheard of, but we now live in a very advanced technological age where children have smartphones, tablets and computers from a very young age. Each of these items has the capability to take photos and videos which can be shared to every corner of the World Wide Web at the mere press of a button.
What Risks Exist?
The risks are numerous and mainly common sense, and this list is not exhaustive, but how many children do you know who have common sense? This is where we as adults need to be there to protect the children in our care and act as their conscience, educate them regularly but also monitor their usage to ensure they are not being targeted by nefarious individuals.
Here are some pieces of advice that can be used as part of that education:
- Once a video or image has been shared to the internet you lose all control of where it is shared, sent or downloaded. Would you be happy for what you are posting to be seen by a family member or friend? Also remember that using Snapchat doesn’t mean the other person can’t save and share photos you send.
- Remember one day you will become an adult with all the added responsibility of seeking a career. Many employers these days will carry out background research on you as an individual and this will include a trawl of your web-based and social media footprint. Another good reason to ensure you are more than happy with what you send to the internet.
- If you have any doubt about an image or video causing you embarrassment then don’t post or share it. Images such as that can and have been used to bully individuals, which in extreme cases has led to very sad instances of suicides by the victims of the bullying. Even in less extreme cases the victim can suffer from anxiety and depression, which in itself can ruin a young person’s childhood and adult life.
- Posting or sharing sexual pictures or videos on-line opens children up to targeting by the numerous paedophiles and abusers who now use the internet as their hunting ground of choice. In my younger days it used to be called ‘Stranger Danger’ but this has moved on-line into an environment which is much harder to monitor and again where education is even more important. Children do not see the danger until it is too late as they don’t see a person and therefore the old ‘Stranger Danger’ warnings do not work.
This is all good advice that can be passed to your children; obviously it is up to you how much detail you go into with the warnings. This information is not meant as scaremongering, but believe me when I say the internet is a very dark place filled with very scary individuals and content. Please don’t let your child become part of that content.
What can you do as a parent to monitor the usage of the internet by your child? I realise, like most people, that privacy can be an issue, especially when dealing with a child who thinks they are ‘Grown Up’. Again this will come down to how far you are willing to go to protect your child and whether you think the education piece above is enough or not. You may find that education is all that you require, but if you were to become more concerned for your child’s welfare there are apps and software available which can be used to monitor your child’s internet usage. I will not be posting these in this blog as I have not tested any of those apps and would not want to endorse any app/software I have not personally used. There are, however, steps available which can be used to assist in restricting usage on many different devices; these are referred to as ‘Parental Controls’.
- There is an excellent site which has numerous step-by-step guides for setting up parental controls across all different types of smartphones, tablets and PCs, and also for setting them up in your home depending on the ISP you are using. This can be found on the internet matters website here.
- Another excellent resource that covers not just this subject but also banking and social media is the get safe on-line site, which can be found here.
- Here is an excellent video that very pointedly explains to children the risks of posting to social media.
Parental controls are an excellent resource and when installed correctly can indeed help to protect your child, but they should not be seen as total protection and need to be used in conjunction with education.
You may have noticed that I keep coming back to the education piece, and that should bring home to you just how important it is to communicate with your child. If you do not talk to them, how can you have any chance of knowing what they are thinking or if indeed they are being targeted or bullied?
Image/Video Already Posted?
So you arrive late to the situation and discover that an image or video has already been posted. What can you do to limit the damage? Firstly you need to delete the image from your side. If that’s not possible or it has been posted by someone else, then most social media sites offer the ability to report images and allow you to have them removed that way. Obviously if the image has already been downloaded by individuals there is nothing you can do about that, and that is one of the first points raised above. Remember you lose all control as soon as you press the button to share to the internet.
Concerned For Your Child – What Next?
OK, you have taken all steps possible to try and protect your child on-line, but what if you suspect your child is being groomed or exploited on-line? Fortunately there is an organisation that specialises in dealing with these very valid concerns. The National Crime Agency (NCA) Child Exploitation and Online Protection (CEOP) is that organisation, and it is to them you can report any concerns that you may have for a child via their safety centre here. Alternatively here is a direct link to their reporting page. It is not possible to do this anonymously as you are effectively reporting a crime. If you would feel better discussing your concerns with someone before taking that step, there are some very experienced and highly trained individuals available via the NSPCC helpline on 0800 800 5000.
I hope that you as parents, carers, teachers and people in positions of responsibility/trust never need to use the details in that last paragraph, but I expect you all to use the information further up to ensure that we protect those who are unable to protect themselves during their early years. I know from personal experience of having to view some of the content from the darker areas of the web that I will do all I can to protect my children from becoming part of that.
I hope you have found this information useful and, as always, I am open to any suggestions or constructive feedback to improve.