Web 2.0 Under Siege
Robert writes "Security researchers have found what they say is an entirely new kind of web-based
attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement.
Fortify Software, which said it discovered the new class of vulnerability and has named it
'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript
Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable
application using a technique similar to the one commonly used to create mashups.'"
Vocabulary Fix (Score:3, Funny)
quick! (Score:5, Funny)
Mashups? (Score:5, Funny)
Does this mean... (Score:3, Funny)
Easy Fix (Score:2, Funny)
The Biggest WTF... (Score:5, Funny)
(Captcha: backtotheweb1.0)
Re:Vocabulary Fix (Score:3, Funny)
Re:They discovered this? (Score:3, Funny)
Re:XSS (Score:3, Funny)
Here [fortifysoftware.com]. For future reference:
It's really not that hard to find details. All you really need is the ability to operate a web browser, a search engine, and about thirty seconds of your time.
Re:Executing 3rd party code by default is insecure (Score:3, Funny)
I suspect a submarine built out of a nice solid gruyere would probably not be terribly seaworthy either. When it comes to the structural integrity of hull materials, cheese tends to rank pretty low.