Autopsy URLs

Over the past year, there have been a couple of minor reports of CSRF or XSS whereby someone is running autopsy on their local computer and they open an HTML e-mail (or visit a website) that has an image link to an autopsy URL. The attacker does not get any data as a result, but they can create a case or add notes (if they can guess the case name, host name, image name, etc.). Because no data is revealed or changed in these techniques, I consider them fairly minor. But, they should be addressed.

There are a couple of obvious solutions to this. One is to enable cookies for all connections (i.e. the URL for the main screen will have a long number in it). Another is to enable a cookie that gets set after the main screen (meaning that you need to start from the main screen each time). Another is to have case-specific cookies that get set when you open the case (but that would not prevent someone from creating an empty case on your computer). We could also use the referrer info. Originally, I didn't like having the cookie in the URL because that would prevent you from using the web browser bookmarks to bookmark files of interest.

I haven't decided which approach I will take yet, but wanted to give a heads up that the next release will probably require you to start Autopsy from the main page instead of jumping directly into a host or image.

brian

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes!
For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Re: Autopsy URLs

Brian,

Can you maintain the cookie in the URL but still allow bookmarks by having the URL of the form http://localhost/sleuthkit/filename/cookie, and having Sleuthkit ignore the "cookie" part when resolving bookmarks but not when resolving data-changing operations?

-s

On Jul 9, 2009, at 4:47 AM, Brian Carrier wrote:

> Over the past year, there have been a couple of minor reports of CSRF or XSS whereby someone is running autopsy on their local computer and they open an HTML e-mail (or visit a website) that has an image link to an autopsy URL. The attacker does not get any data as a result, but they can create a case or add notes (if they can guess the case name, host name, image name, etc.). Because no data is revealed or changed in these techniques, I consider them fairly minor. But, they should be addressed.
>
> There are a couple of obvious solutions to this. One is to enable cookies for all connections (i.e. the URL for the main screen will have a long number in it). Another is to enable a cookie that gets set after the main screen (meaning that you need to start from the main screen each time). Another is to have case-specific cookies that get set when you open the case (but that would not prevent someone from creating an empty case on your computer). We could also use the referrer info. Originally, I didn't like having the cookie in the URL because that would prevent you from using the web browser bookmarks to bookmark files of interest.
>
> I haven't decided which approach I will take yet, but wanted to give a heads up that the next release will probably require you to start Autopsy from the main page instead of jumping directly into a host or image.
>
> brian
Re: Autopsy URLs

On Jul 9, 2009, at 10:16 AM, Simson Garfinkel wrote:

> Brian,
>
> Can you maintain the cookie in the URL but still allow bookmarks by having the URL of the form http://localhost/sleuthkit/filename/cookie, and having Sleuthkit ignore the "cookie" part when resolving bookmarks but not when resolving data-changing operations?

That's a good idea... Thanks.

brian
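The design the thread converges on (a per-run token carried in the URL, ignored when resolving a bookmarked read-only view but required for anything that creates a case or adds a note, with Brian's referrer check as a second line of defence) can be sketched as a request-authorisation function. The block below is an added example, not Autopsy's or The Sleuth Kit's own code; the URL shape `/sleuthkit/<operation>/<token>`, the operation names, the `Session` class and the `localhost:9999` origin are assumptions made for the illustration.

```python
# Added example, not Autopsy's own code: a request-authorisation check built
# the way the thread suggests. The URL shape /sleuthkit/<operation>/<token>,
# the operation names, the Session class and the origin are assumptions.
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Operations that change case data. Everything else is treated as a
# read-only view that a bookmark may legitimately reach without a token.
# (Constructed names for the example, not Autopsy's real operation names.)
STATE_CHANGING = {"new_case", "new_host", "add_image", "add_note"}

# Origin the tool is served from (assumed); used by the referrer check.
LOCAL_ORIGIN = "http://localhost:9999"


class Session:
    """Per-run secret issued when the main page is opened (assumed design)."""

    def __init__(self) -> None:
        self.token = secrets.token_hex(16)


@dataclass
class Decision:
    allowed: bool
    reason: str


def parse_path(path: str):
    """Split /sleuthkit/<operation>/<token> into (operation, token).

    The token segment is optional so that old bookmarks of the form
    /sleuthkit/<operation> keep working for read-only views.
    """
    parts = [p for p in urlsplit(path).path.split("/") if p]
    if len(parts) < 2 or parts[0] != "sleuthkit":
        return None, None
    token = parts[2] if len(parts) >= 3 else None
    return parts[1], token


def same_origin(referer: Optional[str]) -> bool:
    """True if Referer is absent (browsers may strip it) or points at the tool."""
    if referer is None:
        return True
    r = urlsplit(referer)
    return f"{r.scheme}://{r.netloc}" == LOCAL_ORIGIN


def authorize(session: Session, path: str, referer: Optional[str] = None) -> Decision:
    """Decide whether a request may proceed.

    Every Autopsy action is reached by a GET link, so the usual "only POST can
    change state" CSRF rule does not apply; the check keys off the operation.
    """
    op, token = parse_path(path)
    if op is None:
        return Decision(False, "not an Autopsy URL")
    if op not in STATE_CHANGING:
        # Bookmark case: the token is ignored whether stale or missing.
        return Decision(True, f"{op}: read-only view, token not required")
    if token is None or not hmac.compare_digest(token.encode(), session.token.encode()):
        # A forged <img src> in an e-mail cannot know the per-run token.
        return Decision(False, f"{op}: data-changing operation without a valid token")
    if not same_origin(referer):
        # Secondary check from the thread: a cross-site Referer is rejected
        # even if the token somehow leaked; an absent Referer is tolerated.
        return Decision(False, f"{op}: request referred from a foreign origin")
    return Decision(True, f"{op}: token and origin accepted")


if __name__ == "__main__":
    s = Session()
    # Constructed sample requests: a bookmark, a forged image link, and two
    # genuine data-changing requests differing only in their Referer.
    for url, ref in [
        ("/sleuthkit/view_file/old-stale-token", None),
        ("/sleuthkit/new_case", None),
        (f"/sleuthkit/add_note/{s.token}", f"{LOCAL_ORIGIN}/sleuthkit/main"),
        (f"/sleuthkit/add_note/{s.token}", "http://mail.example/inbox"),
    ]:
        d = authorize(s, url, ref)
        print(f"{'ALLOW' if d.allowed else 'DENY':5} {url}  ({d.reason})")
```

The token comparison uses `hmac.compare_digest` so that a wrong guess does not leak how many leading characters matched, and the referrer check is deliberately permissive about a missing header, since rejecting those would break legitimate clients that suppress Referer while adding nothing against the image-link scenario, which the token alone already defeats.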