Re: Hackers Focusing on Web 2.0 Sites (plus Comment)

["Michael Silk" <michaelslists () gmail com>]

this story really should've been titled 'hackrs...'


On 7/12/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
> On 7/11/07, Paul Ferguson <fergdawg () netzero net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Via ITPro.
> >
> > Please read further for my comments.
>
> Holy $%i# Paul comments on a story?!! What is this friday the 13th?,..
> no wait, thats tomorrow... ;-)
>
> >
> > [snip]
> >
>
> > We've been saying for over 10 years that JavaScript, in and of
> > itself, can be used for extremely evil shit. And since most of
> > the newer, mash-up-style Web "Uh-Oh' stuff uses AJAX and requires
> > users to open themselves up for JavaScript exploitation just to
> > experience the content.
>
>
> Do you remember the java applet port scanner that was posted to FD a
> while ago? If you visited the site, it would load the applet and scan
> cia.gov from your IP  address? (kinda like this one:
> http://switch.sjsu.edu/v6n2/ztps/, but I dont remember having to click
> on "ok" to have the scan kick off..)
>
> Well I am just waiting for some interactive content to allow folks to
> load a tiny SMTP server into visiting users JVM's use that to send out
> spam..
>
> Could JS be used that way as well?
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.


--
mike
http://lets.coozi.com.au/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.