AJAX May Be Considered Harmful

87C751 writes "Security lists are abuzz about a presentation from the 23C3 conference, which details a fundamental design flaw in Javascript. The technique, called Prototype Hijacking, allows an attacker to redefine any feature of Javascript. The paper is called 'Subverting AJAX' (pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it."

first post

[Anonymous Coward]

So can I hijack slashdot to always get the first post?

Nothing for you to see here. Please move along.

[mobby_6kl]

Not surprising considering that slashdot is slowly trying to AJAXify itself...

The sky is falling!

[udderly]

Haven't RTFA yet, but I doubt it will live up to the hype.

Web 2.0.1

[ticklish2day]

Patch the hole and release Web 2.0.1. Good thing there's already a Web 3.0 [alistapart.com] in the works.

Re:notabug

[kfg]

This paper is absolutely ridiculous, and its author is scaremongering

He's obviously been watching to much local weather forecasting lately:

"Scattered showers in the afternoon; Save the women and children!"

The Society of Hysteria really is getting to be a bit much.

KFG

Re:notabug

[mctk]

Society of Hysteria? SOCIETY OF HYSTERIA? aaaaaaaaah! SAVE YOURSELF!

Re:FUD?

[ednopantz]

>(or was it written in FUD?)

Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

On the next episode of Days of Our Web2.0 Lives...

[Chineseyes]

A Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it lurks is the deep dark recesses of the javascript
Who is this masked man known as the worm?
Why does he hate Web 2.0 so much?
Will this worm try to make us revert to Web 1.0?
And does this worm have anything to do with disappearances of Web 1.1 through Web 1.9?
This and much much more on the next epside of Days of our Web 2.0 Lives

Re:FUD?

[monoqlith]

. (or was it written in FUD?)

Sadly, no. The FUD compiler was written in Javascript, and was hijacked.

Re:Web 2.0.1

[The Bubble]

Not even! Microsoft just released Internet 7.0. All you Mozilla fanboys need to catch up with the times and replace your kiddy 'nix boxes with the new Vista.

</joke>

Already been done

[Anonymous Coward]

Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

Check out these great functions from the std lib:

halloweenDocuments();
GetTheFacts();
fundSCO();
  threatenToSueEasternGovernments();
hoodwinkNovel l();

...who says Microsoft don't innovate?

Re:FUD?

[Mr. Underbridge]

Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

Is that language derived from brainfuck?

Re:Summary completely overhyped

[Vo0k]

1. Prepare malicious javascript code capable of subverting AJAX in the domain it's installed in.
2. ???
3. Subvert their AJAX, intercept their communications, change their content, kill the Web as we know it, and ultimately, profit!!!

Re:The sky is falling!

[Tablizer]

Haven't RTFA yet, but I doubt it will live up to the hype.

Which hype, AJAX itself or AJAX ending the world?

Does Al Gore know anything about this?
         

AJAX May Be Considered Harmful

[Original Replica]

Damn Right! If you mix that stuff with a chlorine bleach, the fumes will put you straight in the morgue.

Neuromancer

[noz]

... a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it.

My deck is damaged. I must break through the ICE! Where are my Yeheyuans?

Re:Have you ever tried to deploy an AJAX applicati

[bunions]

It's just a JavaScript library that allows the page to communicate with the server without clicking a link and bringing up a new page. How does that encourage poor development?

By enabling development to occur at all. The program that is never written has zero bugs and is therefore the perfect program.

Re:notabug

[pboulang]

I'll give you $5 if you ask your mom that and follow it up with a "pistol wink"

AJAX May Be Considered Harmful

[Elranzer]

... only if swallowed.