Archive for June, 2007

Web server log review

June 12, 2007

I have had numerous conversations with people about reviewing web server logs, and with that come many different ideas on the importance of web server logs. For marketing staff it is of course web analytics; for network/system staff it is determining why the site is not displaying images; and for security people it is much more.

What do you review your web server logs for?
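As an added example (not code from the original post), here is the kind of security review a practitioner would run over web server access logs, as opposed to the analytics or troubleshooting views mentioned above. It parses Apache/nginx "combined" format lines and flags path traversal and injection attempts in the request, known scanner user agents, and clients producing a burst of 4xx errors. The log lines, IP addresses and the threshold of three errors are constructed for illustration; the regexes are deliberately simple and are assumptions about what is worth flagging, not a complete rule set.

```python
"""Security-oriented review of web server access logs (added example).

Parses Apache/nginx combined-format lines and reports what a security
reviewer looks for: traversal/injection probes in the request path,
scanner user agents, and clients generating bursts of 4xx errors.
All sample data below is constructed for illustration.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Request-path patterns worth flagging (matched after URL-decoding).
# These are simplified assumptions for the example, not a full rule set.
SUSPICIOUS_PATH = [
    ("path traversal", re.compile(r"\.\./", re.I)),
    ("sql injection", re.compile(r"'\s*(or|and)\s|union\s+select", re.I)),
    ("xss probe", re.compile(r"<script", re.I)),
    ("sensitive file", re.compile(r"/(etc/passwd|\.git/|\.env|wp-login\.php)", re.I)),
]
# Assumed scanner / tooling user-agent fragments.
SCANNER_UA = re.compile(r"nikto|sqlmap|nmap|masscan|zgrab|python-requests", re.I)

ERROR_BURST_THRESHOLD = 3  # 4xx responses from one client before it is flagged


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def review(lines):
    """Return per-line findings and the clients exceeding the 4xx burst threshold."""
    findings = []          # (line number, description)
    errors = Counter()     # client ip -> count of 4xx responses
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            findings.append((n, "unparseable line"))
            continue
        # Decode once so %2e%2e%2f and %27 are seen as ../ and ' respectively.
        path = unquote_plus(rec["path"])
        for label, rx in SUSPICIOUS_PATH:
            if rx.search(path):
                findings.append((n, f"{label} from {rec['ip']}: {path}"))
        if SCANNER_UA.search(rec["ua"]):
            findings.append((n, f"scanner user agent from {rec['ip']}: {rec['ua']}"))
        if 400 <= rec["status"] < 500:
            errors[rec["ip"]] += 1
    bursts = {ip: c for ip, c in errors.items() if c >= ERROR_BURST_THRESHOLD}
    return {"findings": findings, "error_bursts": bursts}


# Constructed sample log: one ordinary visitor and one probing client.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jun/2007:10:00:01 -0400] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jun/2007:10:00:02 -0400] "GET /../../etc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jun/2007:10:00:03 -0400] "GET /login.php?user=admin%27%20or%201%3D1-- HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jun/2007:10:00:04 -0400] "GET /admin/ HTTP/1.1" 404 210 "-" "Nikto/2.1.5"',
    '203.0.113.5 - - [12/Jun/2007:10:00:05 -0400] "GET /images/logo.png HTTP/1.1" 304 0 "http://example.com/" "Mozilla/5.0"',
    'this is not a log line',
]


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for n, msg in result["findings"]:
        print(f"line {n}: {msg}")
    for ip, count in result["error_bursts"].items():
        print(f"4xx burst: {ip} ({count} errors)")
```

Run against a real log with `review(open("access.log").readlines())`; the point is that the same file the marketing and operations teams look at also records the reconnaissance that precedes an attack, and decoding the request before matching is what keeps simple rules from being bypassed by URL encoding.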

4 New Browser Vulnerabilities

June 5, 2007

Yesterday Michal Zalewski posted four new browser-based vulnerabilities to Full-Disclosure. Normally I would not post about browser-based vulnerabilities, but these are worth mentioning. I can see how the bad guys would use each one of these to perform fraud on our members.

  1. Title: MSIE page update race condition (CRITICAL). Impact: cookie stealing/setting, page hijacking, memory corruption
  2. Title: Firefox cross-site IFRAME hijacking (MAJOR). Impact: keyboard snooping, content spoofing, etc.
  3. Title: Firefox file prompt delay bypass (MEDIUM). Impact: non-consensual download or execution of files
  4. Title: MSIE6 URL bar spoofing (MEDIUM). Impact: mimicking an arbitrary site, possibly including SSL data

I hope I am wrong, but if the bad guys start to use these they would be able to steal many login credentials for online banking applications, e-commerce sites, etc.

This is being covered by Computerworld and by the SANS incident handlers on duty.