funsec mailing list archives
Re: Hackers Focusing on Web 2.0 Sites (plus Comment)
From: "Michael Silk" <michaelslists () gmail com>
Date: Thu, 12 Jul 2007 21:20:14 +1000
this story really should've been titled 'hackrs...'

On 7/12/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
> On 7/11/07, Paul Ferguson <fergdawg () netzero net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Via ITPro.
> >
> > Please read further for my comments.
>
> Holy $%i# Paul comments on a story?!! What is this Friday the 13th?,.. no
> wait, that's tomorrow... ;-)
>
> > [snip]
> >
> > We've been saying for over 10 years that JavaScript, in and of
> > itself, can be used for extremely evil shit. And since most of
> > the newer, mash-up-style Web "Uh-Oh" stuff uses AJAX and requires
> > users to open themselves up for JavaScript exploitation just to
> > experience the content.
>
> Do you remember the Java applet port scanner that was posted to FD a
> while ago? If you visited the site, it would load the applet and scan
> cia.gov from your IP address? (kinda like this one:
> http://switch.sjsu.edu/v6n2/ztps/, but I don't remember having to click
> on "ok" to have the scan kick off..)
>
> Well I am just waiting for some interactive content to allow folks to
> load a tiny SMTP server into visiting users' JVMs use that to send out
> spam..
>
> Could JS be used that way as well?
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

--
mike
http://lets.coozi.com.au/
Current thread:
- Hackers Focusing on Web 2.0 Sites (plus Comment) Paul Ferguson (Jul 11)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Dude VanWinkle (Jul 12)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Michael Silk (Jul 12)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Jordan Wiens (Jul 12)
- Re: Hackers Focusing on Web 2.0 Sites (plus Comment) Dude VanWinkle (Jul 12)