Hmm, I have to say I'm not really much more scared about this than
as with any other web browsing.  To the end-users I support, who are
just as likely to "accidentally" click on some bad email attachment or
"accidentally" surf into nether regions, there is little or no difference.
It *almost* appears as another attack vector, but not quite from what
I've seen.  Now, if you start putting this crap in desktop widgets which
are sure to contain JS in some implementation, outside of a browser
entirely, then... well hum.

I'm confused about why you say this is so important, and yet also state
that real time scanning is over-rated.  It appears that real-time scanning,
is the best way to catch (or at least observe) these malicious behaviours.
And I notice all proofs-of-concept, and even early exploits, have say sql
injections in the clear, so it seems like you could easily scan for things
that look like sql in traffic, but with JS it is so easy to wrap/unwrap
data.

Thanks for bringing this topic up -- future implications of AJAX, and
especially
the ways in which current trends are jut destroying some of the old-timey
web fundamentals, is just not discussed openly enough IMO.
If we started selling a car that drives on top of power lines, to avoid
traffic, then our audience could either be shocked or be busy building
elevated
parking spaces and new on-ramps.  Sorry, I'm working on my pataphors!  ;)

ben



On 2/20/07, Michael Miller <[EMAIL PROTECTED]> wrote:

Ya your right Ben,  I should have posted a example or two.

http://blogs.securiteam.com/index.php/archives/734
http://www.gnucitizen.org/blog/google-search-api-worms

I know there is a lot of hype out there about this.  Some of this is
just theory and some of it is or will be fact when some one releases
another banner ad worm.

-Miller

On 2/20/07, Ben Barrett <[EMAIL PROTECTED]> wrote:
> Are you asking if we know that AJAX can do things that we should
consider
> scary?
> (I think I agree... but...)  How about giving a few examples of why we
> should be
> so scared?  There are a LOT of folks who won't disable JS since it
"breaks
> the web"
> almost as much (in their opinion) and unplugging network cables!
>
> thanks,
>
> ben
>
>
>
> On 2/20/07, Michael Miller < [EMAIL PROTECTED]> wrote:
> > Real time scanning is over rated in my book.  The only time you need
> > to scan items real time is when your receiving e-mail.  If you turn
> > off Active X and java script ( If you can. ) You should be fine.  It's
> > really scary what we can do with AJAX and Java script in the web
> > browser.  I'm sure most of you if not all know this.  If you can do
> > some in line scanning with your web traffic that is even better.  I
> > thinking about setting up Squid to use ClamAV to scan the banner Ad's
> > along with everything else looking for malware and or militias
> > content.
> >
> > -Miller
> >
> > On 2/16/07, Elijah Buck <[EMAIL PROTECTED]> wrote:
> > > FYI,
> > >
> > > clamav doesn't have a real-time scanner (that is, it only scans when
you
> > > schedule it to scan).
> > >
> > >
> > >
> > >
> > > On 2/14/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > Just out of curiousity, how does AVG size up against Clam AV?
> > > >
> > > > -E
> > > >
> > > >
> > >
> > >
> > > _______________________________________________
> > > EUGLUG mailing list
> > > [email protected]
> > > http://www.euglug.org/mailman/listinfo/euglug
> > >
> > >
> > _______________________________________________
> > EUGLUG mailing list
> > [email protected]
> > http://www.euglug.org/mailman/listinfo/euglug
> >
>
>
> _______________________________________________
> EUGLUG mailing list
> [email protected]
> http://www.euglug.org/mailman/listinfo/euglug
>
>
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug

_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug

Reply via email to