Worms/Virii 2.0
Posted by todd Wed, 18 Oct 2006 05:59:00 GMT
I'm not sure how I missed the fact that "ToorCon" was down the street from me in San Diego last weekend, but anyway...
There was a session there discussing the vulnerabilities of AJAX in web applications, and it's going to be an interesting problem. I haven't been hacking code enough lately to understand the details, but from the sounds of it this may be about as good as Unix security back in the day.
One difference: back then the majority of the world didn't check their credit card statements in Unix.
The article also mentions the "Sami" worm, which is probably my favorite geek story in years.
"An AJAX-capable browser can load up pages and step through complex forms without the browser's owner ever knowing anything has happened. This technique was used most famously by a teenager named 'Sami,' who wrote an AJAX worm and put it on his Myspace profile which caused anyone who looked at his site to 'friend' him and propagate the exploit on their own page. To his dismay and surprise, within a day he had a million new friends. This was a relatively harmless application, but Stamos warns that the damage doesn't end there. 'There are a lot of (AJAX bugs) that are being exploited now.'"
Read the whole article HERE.
