this story really should've been titled 'hackrs...'
On 7/12/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
On 7/11/07, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Via ITPro.
>
> Please read further for my comments.

Holy $%i# Paul comments on a story?!! What is this, Friday the 13th?.. no wait, that's tomorrow... ;-)

>
> [snip]
>
> We've been saying for over 10 years that JavaScript, in and of
> itself, can be used for extremely evil shit. And since most of
> the newer, mash-up-style Web "Uh-Oh" stuff uses AJAX and requires
> users to open themselves up for JavaScript exploitation just to
> experience the content.

Do you remember the Java applet port scanner that was posted to FD a while ago? If you visited the site, it would load the applet and scan cia.gov from your IP address? (kinda like this one: http://switch.sjsu.edu/v6n2/ztps/, but I don't remember having to click on "ok" to have the scan kick off..)

Well I am just waiting for some interactive content to allow folks to load a tiny SMTP server into visiting users' JVMs and use that to send out spam..

Could JS be used that way as well?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
--
mike
http://lets.coozi.com.au/
