JavaScript Botnet Sheds Light On Criminal Activity
CowboyRobot writes "Informatica64, a security research group, demonstrated the use of cached JavaScript to control computers connecting to a malicious proxy. 'The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.'"
Re: (Score:3)
I am disappointed. I clicked the link out of sheer nostalgia, but it's 404. Then I actually typed goatse.cx into the address bar... and someone is squatting on that domain alright, but not in the way I expected! So read up on Wikipedia, and see that's very old news... FFS, what is the web coming to?
Really? (Score:5, Insightful)
It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.
Really? How about them using it to eavesdrop on -everyone- regardless of whether it is "criminal" or not. Plus, I'm sure governments have more invasive methods rather than just this.
Re: (Score:2, Insightful)
I was at this presentation-- it was a public access proxy. If you're going to risk sending information over a proxy *you do not run* then that is your own mistake.
Re:Really? (Score:4, Funny)
Plus, I'm sure governments have more invasive methods rather than just this.
Yes, in the sage words of Jon Stewart, "I'm sure big government feels its largest when it's in your anus."
This should shut down the naysayers (Score:5, Funny)
Yep, this is proof... JavaScript is a real programming language.
Re: (Score:1)
http://bellard.org/jslinux/
Re: (Score:1)
You made my day!
Re: (Score:1)
Isn't that what XFCE is for?
Re: (Score:1)
It's called KDE ;)
KDE4 seems to have lost some weight, or GNOME3 put masses on.
But they feel pretty much the same.
I just switched to KDE4 and I must say: wow, you can configure ANYTHING, thing is, you HAVE TO configure anything -.-
Re:uh... only if you run it (Score:5, Insightful)
Nobody in their right mind runs javascript from random sites any more
Nobody cares except computer security professionals. Sure, I run noscript, adblock, and requestpolicy in FF, but no one else I know does unless I force them. Tons of sysadmins and low-level techs in the IT field don't even bother or know why they should care. So people who should have a clue are still running JavaScript (and flash, pdfs, and random exploit-laden images from web ads) from random sites. What do you think that means about non-IT folk? They're all doing it, and only changing the browser defaults will do anything about it.
Re: (Score:1)
If a site I visit won't load without JS, I'm not visiting that site again!
Re: (Score:1)
I won't disagree that the majority of web developers do things like load jQuery, before they even know why they need it. Usually because they're a novice trying to create a blog for their cousin and never had any actual web development experience. But please remember that not all web developers are like that.
When used properly, JavaScript can enhance the overall security and experience of the site. For example, I like to SHA1 my users' passwords before submitting them to the server. Then I'll SHA1 that with
Re: (Score:2)
I am one of them. And I will keep on doing so. Your scaremongering isn't going to trick me into installing NoScript.
Wrong again Slashdot (Score:5, Funny)
"... and another fraudster selling nonexistent Yorkshire Terriers.'"
Bullshit. Yorkshire Terriers most certainly exist.
Re: (Score:2)
"... and another fraudster selling nonexistent Yorkshire Terriers.'"
Bullshit. Yorkshire Terriers most certainly exist.
But *he* wasn't selling real ones.
Re: (Score:2)
Some folks would not believe that Foo/Temple Dogs exist even if a Tibetan Mastiff took a chunk out of their hind end.
(hint here the TM is what inspired the legend of the Temple Dogs and in fact do the same job in real temples)
(as to the existence of actual magical Temple Dogs just ask any fans of The Dresden Files about "Mouse")
But... non-existent Yorkies are the best! (Score:5, Funny)
It shouldn't be a crime to sell non-existent Yorkies. Just think of the ensuing peace and quiet of neighbors, because the would-be purchaser no longer has the cash for a real one. That man owes society nothing. Yay, society should reward him for performing such a public service.
Re: (Score:2)
So, can I sell nonexistent Yorkshire pudding? That would be even quieter. Just sayin'.
Sure; what you'd better not try selling is fake Yorkshire pudding. That would be a trademark violation, which is a much more serious crime than selling something that you don't have.
implication for corporate networks (Score:4, Interesting)
I saw the talk at DEF CON this weekend.
One of my takeaways from this talk is that when certain sites such as youtube/imgur/slashdot/reddit are blacklisted due to corporate IT guidelines, people often go to proxies to circumvent this. So the net effect of blacklisting popular sites (besides being a pain) is to make your network less secure.
IMHO ... wasted bandwidth is better than getting hacked.
Scale invariance (Score:3)
Well, it looks like organized crime has found its own Etsy and Craigslist. I suppose it just demonstrates how the power of just-in-time communication and office automation can be an asset, even on the black market.
I don't get it... (Score:2)
Re: (Score:2)
The proxy is the man in the middle, nothing to it.
Well if I had a dollar... (Score:1)
...for every nonexistent Yorkshire Terrier I'd had to chase out of my back garden I'd have millions.