Tuesday, November 4, 2008

Javascript - hacker's favorite language !!!

at Tuesday, November 04, 2008 ·



Well , like as usual i came across this article ... and it was good to read it ... so i thought to post it here again ....

The demand that the development of web 2.0 has placed on browsers to become more interactive and act as a portal rather than just a viewing platform is opening up new vulnerabilities to unsuspecting users, Itzik Kotler, team leader of the Security Operation Center at Radware, has warned.

As well as developing new signatures and analytic tools for Radware scanning software, Kotler also works on finding new classes of vulnerabilities before they appear in the wild.

One such security hole is in Javascript, which would allow a hacker to copy any file from a user's PC with little chance of detection – something many have considered to be impossible.

Koter demoed the hack, dubbed Jinx, to vnunet.com at this week's RSA security show in London. He showed how the process was done from within the browser itself, not by altering the browser binary, which can be detected by most anti-virus systems, but rather by adding plain HTML code into just one specific file.

According to Koter, this new class of attack will be attractive to cyber-criminals whose existing techniques are increasingly vulnerable to detection because the approach is cross platform and cross browser, allowing the hackers to access systems previously unavailable to them, such as Linux, Mac and mobile.

The problem stems from the fact that internet browsers have quickly moved from being passive text and picture viewers to essentially an operating system in their own right, through interactive services such as user-generated content, hosted applications, web mail and social networks.

"HTML is now like a batch file for everything," said Koter.

"It's only down to shaping and redirecting it from this intended purpose."

He concluded that, although these types of attack are not yet in the wild, security firms and browser developers need to ensure that the increased demand for a more flexible browser does not open the door to hackers.


Njoy

Labels: ,  

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Supporting the Cause

Creative Commons

Creative Commons License
Random Thoughts .... by Gaurang is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Translate into your Language

New Day New Giveaway

Powered By Blogger