PDA

View Full Version : JavaScript vulnerability



Karen S. Garvin
Mar 27th, 2007, 08:07 PM
Apparently someone's found a way to make JavaScript do really bad things. Read the article "Tool Turns Any Java-Script-Enabled Broswer into a Malicious Drone" at physorg.com (http://www.physorg.com/news94203726.html).

Philip M
Mar 28th, 2007, 08:52 AM
Is this true? Or just another Y2K scare, with someone trying to work up a market to sell a solution to an imaginary or negligible problem?

A1ien51
Mar 28th, 2007, 06:31 PM
Billy Hoffman is a very good speaker, if he is at a conference, make sure to attend his sessions.

If you go to the SPI Dynamics website, they have some interesting white papers on JavaScript. My favorite is port scanning.

With JavaScript, you can reset a wireless router! It can do some crazy things.

Eric

Philip M
Mar 28th, 2007, 11:10 PM
All this is way over my head, but I am always a little sceptical about nostrums which are supposed to ward off evil. It can never be proved for certain whether it was effective or not. If the evil still materialises then you should have used more of it .........

I am always reminded of the chap who painted the fence all around his house in yellow and purple stripes. When asked by his neighbour why he had done this he explained that it was to keep the tigers away. "But there are no tigers around here" said the neighbour. "That's right, effective isn't it?" replied the chap.

A1ien51
Mar 28th, 2007, 11:25 PM
From what I gather it is a script that links a bunch of known vulnerabilites together and runs them with the user's browser. Grabs a list from a server, runs the test and sends the data back.

You really are talking about SQL and JavaScript injection to inject the code onto other sites. Sort of the Sammy Worm that spreads out from server to server.


Eric

_Aerospace_Eng_
Mar 29th, 2007, 04:34 AM
All this is way over my head, but I am always a little sceptical about nostrums which are supposed to ward off evil. It can never be proved for certain whether it was effective or not. If the evil still materialises then you should have used more of it .........

I am always reminded of the chap who painted the fence all around his house in yellow and purple stripes. When asked by his neighbour why he had done this he explained that it was to keep the tigers away. "But there are no tigers around here" said the neighbour. "That's right, effective isn't it?" replied the chap.

Ironically here in the US there is a college whose mascot is a tiger and their colors are purple and yellow. Perhaps they were talking about the LSU tigers?

Karen S. Garvin
Mar 29th, 2007, 06:34 PM
It's true as far as I can tell. There are always people pushing the envelope to get something to do something else that it wasn't designed for.


Ironically here in the US there is a college whose mascot is a tiger and their colors are purple and yellow. Perhaps they were talking about the LSU tigers?

Yep, Philip M's story is true, too: that's why the tigers are found at LSU and not at the house of the guy with the painted fence!