funsec mailing list archives
Re: Hackers Focusing on Web 2.0 Sites (plus Comment)
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 12 Jul 2007 07:00:31 -0400
On 7/11/07, Paul Ferguson <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ITPro. Please read further for my comments.

Holy $%i# Paul comments on a story?!! What is this, Friday the 13th?.. no wait, that's tomorrow... ;-)
[snip]
We've been saying for over 10 years that JavaScript, in and of itself, can be used for extremely evil shit. And since most of the newer, mash-up-style Web "Uh-Oh" stuff uses AJAX and requires users to open themselves up for JavaScript exploitation just to experience the content.
Do you remember the Java applet port scanner that was posted to FD a while ago? If you visited the site, it would load the applet and scan cia.gov from your IP address? (kinda like this one: http://switch.sjsu.edu/v6n2/ztps/, but I don't remember having to click on "ok" to have the scan kick off..)

Well, I am just waiting for some interactive content to allow folks to load a tiny SMTP server into visiting users' JVMs and use that to send out spam.. Could JS be used that way as well?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Hackers Focusing on Web 2.0 Sites (plus Comment) Paul Ferguson (Jul 11)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Dude VanWinkle (Jul 12)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Michael Silk (Jul 12)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Jordan Wiens (Jul 12)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Dude VanWinkle (Jul 12)