[ news_security_news ]
Experts Give Warnings About JavaScript, AJAX
Doug Caverly
Staff Writer
2006-08-04
 Insider Reports RSS Feed
"Beware Web worms and viruses" - that's the message from several different security researchers at the Black Hat conference. The use of JavaScript and AJAX technology to create these was one of the main focuses. Apparently this threat is of the "here and now" variety.
"This isn't a proof of concept; this isn't academic," said Billy Hoffman, a lead research and development researcher at SPI Dynamics. "People are already doing this." A SecurityFocus article cited the Samy worm that had circulated through MySpace.
"We went from screwing around and having fun on MySpace to an attacker harvesting e-mail addresses to sell to spammers, all in less than 8 months," Hoffman said at the conference. Another security expert seemed to think the problem was only going to grow worse.
"We are back in the early days of the e-mail viruses where people were experimenting to see what can be done," stated Jeremiah Grossman, the founder and chief technology officer of WhiteHat Security. He went on to make a few disconcerting demonstrations, "all through Javascript and without exploiting vulnerabilities," as SecurityFocus described them.
"We don't need to hack the operating system anymore - everything you need to attack is online," Grossman concluded. The article said he'd identified one of the bigger problems as the cross-site scripting that "makes Javascript attacks and Web worms possible."
"If you don't want your Web site to be helping spread malware, the best way to prevent it is to resolve your cross-site scripting issues," Grossman said.
Tag: JavaScript, AJAX
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
