http://www.ngssoftware.com/research/papers/InterProtocolExploitation.pdf
Summary: A way of exploiting web browsers located within the security
perimeter (i.e access to internal network)
using something like javascript from an external web page to launch
a buffer overflow attack on internal network.
Seems like problems like this could have have serious implications
against many applications that are badly written but thought safe since
not exposed to Internet.
Obviously LSMB would not be susceptible to buffer overflows, but every
day I see more and more seriously negative stuff about javascript.
My understanding is that LSMB development is going to add a lot of
javascript based web 2.0/ajax type stuff, which IS wonderful to use.
Are there plans for the new interfaces to "degrade gracefully" without
loss of function (some loss of convenience couldn't be avoided), if a
person found that javascript HAD to be turned off and kept off because
of non-LSMB security issues?
Chris Bennett
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
