From ethicalreearcher at gmail.com  Fri Jun  7 06:34:11 2024
From: ethicalreearcher at gmail.com (M.Arslan Kabeer)
Date: Fri, 7 Jun 2024 09:34:11 +0500
Subject: [Fiware-tech-help] VULNERABILITY REPORT : CLICK JACKING
Message-ID: <CAAMtE5XCgVr-bshhaf3q5pZCTGPma8b_ANiZDVYKBWGTSkAafQ@mail.gmail.com>

Hi team,

    I am a security researcher and freelance ethical hacker and i have
discovered the vulnerability in your website


    Bug type : UI Redressing
    Impact :  Phishing


    Description :
    Clickjacking, also known as a "UI redress attack", is when an attacker
uses multiple transparent or opaque layers to trick a user into clicking on
a button or link on another page when they were intending to click on the
the top level page. Thus, the attacker is "hijacking" clicks meant for
their page and routing them to another page, most likely owned by another
application, domain, or both.

    Using a similar technique, keystrokes can also be hijacked. With a
carefully crafted combination of stylesheets, iframes, and text boxes, a
user can be led to believe they are typing in the password to their email
or bank account, but are instead typing into an invisible frame controlled
by the attacker.


    <html>
<head><title>Clickjack test page</title></head>
<body>

<h1> Clickjacking in your website </h1>
<iframe width="1000" height="500" src="
https://lists.fiware.org/mailman/listinfo"/>

</body>

</html>


    Impact:
    The site can also be opened in an iframe after the user has logged it
making it hard for the user to avoid phishing.A user can be tricked into
downloading amalicious file that an attacker wants a user to download,
allowing an attacker to gain access to the users device .


    Remediation :
    Add an iframe destroyer in the header of the page


    Note :
    I am also attaching a screen shot as proof of concept.

    I hope to receive reward for the responsible disclosure of the
vulnerability

    waiting for your response


    Best Regards
    White HaT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-tech-help/attachments/20240607/7f3190df/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.fiware.org.png
Type: image/png
Size: 85984 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-tech-help/attachments/20240607/7f3190df/attachment-0001.png>

From Mohammedhamza at asawainsulation.site  Sun Jun  9 02:18:38 2024
From: Mohammedhamza at asawainsulation.site (Mohammedhamza at asawainsulation.site)
Date: 9 Jun 2024 02:18:38 +0200
Subject: [Fiware-tech-help] Funding Plan
Message-ID: <20240609021837.E1EFA2651DA78031@asawainsulation.site>

Greetings,
 
We the ATLAS GROUP HOLDING CORK CITY  IRELAND invite you to
partner with us and benefit from our new Loan and Partnership
Project funding program. We offer loans and funding for various
good projects

Do you have any projects that need funding? We are ready to give
you a Loan and a big loan at just 2% per annum for 15 years

If you?re interested in any of our proposals send me your  
Mobile phone number so that I can write you and give you more
details on our Loan Investment
Funding Plan
 
Regards
Mr. Mohammed Hamza.
ATLAS GROUP HOLDING CORK CITY IRELAND

From michael.ulbig at ptb.de  Wed Jun 19 17:56:51 2024
From: michael.ulbig at ptb.de (michael.ulbig at ptb.de)
Date: Wed, 19 Jun 2024 17:56:51 +0200
Subject: [Fiware-tech-help] Continues Upstream problems
Message-ID: <OF771A9D74.A4931362-ONC1258B41.0050384C-C1258B41.00579A39@ptb.de>

Dear FIWARE support,

Our FIWARE-Setup:
- FIWARE-LD in Docker
- on an VM
  - memory 4GB
  - Disc: 50GB SSD
{
  "orionld version": "post-v1.5.1",
  "orion version": "1.15.0-next",
  "uptime": "0 d, 1 h, 4 m, 49 s",
  "git_hash": "nogitversion",
  "compile_time": "Sun Jan 28 08:20:37 UTC 2024",
  "compiled_by": "root",
  "compiled_in": "",
  "release_date": "Sun Jan 28 08:20:37 UTC 2024",
  "doc": "https://fiware-orion.readthedocs.org/en/master/"
}

Our UseCase:
We want to collect and distribute data from out electricity meters over 
FIWARE. 
For this we have a python script on a VM which collects the data, 
transforms it into ThreePhaseMeasurement Json-LD file and then sends it to 
the FIWARE on a different VM.
With this set up, we transfer so far about 30 Measurements to FIWARE every 
15 seconds.
In our attempts we tried to find a solution as simple as possible.

In our first attempt we wanted to save each measurement in each its own 
json-ld file.
Each file then has its own id (ndgsi-ld/v1/devicename-timestamp). 
The idea behind this, was to be able create with Json-ld and the MongoDB a 
semantic web / ontology. 
The problem we ran into with this is a linear increase usage of the memory 
(ram) until our fiware service breaks down.
After tring different things we came to the realization that we using 
FIWARE wrong and started our second attempt, 

In our second attempt we just work with one json-ld for each measurement 
and then patch the latest data.
Unfortunately, we still run in the same problem.
We also have tried to manually close the connections (Header {'Connection' 
:' Close'}, / Python response.close()).
Unfortunately with no effect.
Our memory still seems to continue soaking up data and we are still 
running in an out of memory:

Our question:
How are we meant to transfer data to FIWARE?
Are we on the right way by using Patch to upload data to FIWARE?
Do you maybe have an idea what causes this linear increase of memory 
usage?

We are thankful for any help or hint.
If you need any more information let me know 

With kind regards and thanks in advance
Michael Ulbig


Michael Ulbig
Physikalisch-Technische Bundesanstalt
Fachbereich 9.4 Metrologie f?r die digitale Transformation
Bundesallee 100
38116 Braunschweig
Telefon: +49 531 592 9407 
E-Mail: michael.ulbig at ptb.de 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-tech-help/attachments/20240619/df86218c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 18014 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-tech-help/attachments/20240619/df86218c/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2092 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-tech-help/attachments/20240619/df86218c/attachment-0003.gif>