Slashdot Mirror


JavaScript Malware Open The Door to the Intranet

An anonymous reader writes "C|Net is reporting that JavaScript malware is opening the door for hackers to attack internal networks. During the Black Hat Briefings conference Jeremiah Grossman (CTO, WhiteHat Security) '...will be showing off how to get the internal IP address, how to scan internal networks, how to fingerprint and how to enter DSL routers ... As we're attacking the intranet using the browser, we're taking complete control over the browser.' According to the article, the presence of cross-site scripting vulnerabilities (XSS) dramatically increases the possible damage that can be caused. The issue is also not which-browser-is-more-secure, as all major browsers are equally at risk. Grossman says 'The users really are at the mercy of the Web sites they visit. Users could turn off JavaScript, which really isn't a solution because so many Web sites rely on it.'"

6 of 169 comments

  1. JavaScript Malware Open The Door to the Intranet by Ohreally_factor · · Score: 5, Funny

    Caveman Zonk edit headline bad.

    --
    It's not offtopic, dumbass. It's orthogonal.
  2. Re:JavaScript Malware Open The Door to the Intrane by Exatron · · Score: 4, Funny

    Me, Grimlock, like headline. No want it change.

    --
    "I think so, Brain, but 'instant karma' always gets so lumpy." - Pinky
    "Decepticons FOREVER!!!" - Ravage
  3. NCSA Mosaic avoids this problem by shwonline · · Score: 3, Funny

    Ah, the simpler days of gray backgrounds and Times New Roman. None of these fancy tables, neither. And we had to walk 5 miles to school, uphill, in snow up to our hips. And 10 miles uphill to get back home. Kids today with their fancy JavaScript. No appreciation, none at all.

    --
    Do you have a flag?
  4. Oh well, let's prevent people doing their jobs by Flying+pig · · Score: 2, Funny

    Because it worked so well for the KGB. KGB agents planted by photocopiers to ensure the wrong documents didn't get copied. Typewriters with unique typefaces in a single nonstandard size so that official documents couldn't be faked. Yes, if you are restrictive enough eventually you can bring everything crashing to a halt. However, the concept that everything is forbidden except what is compulsory has hardly proven the most successful business paradigm. IT is supposed to be an enabling technology, not a disabling technology. The sudden focus on security has brought to the fore all the anal retentives who secretly want to stop people doing things, and now have a justification for doing it.

    The answer with all these technologies is to get away from the "everything is permitted, everything links to everything else" model that Microsoft promoted till it ran into trouble, and work out a way of implementing security policies that are comprehensible and that work.

    --
    Pining for the fjords
  5. Re:JavaScript Malware Open The Door to the Intrane by Anonymous Coward · · Score: 1, Funny

    I'll have the roast duck, with the mango salsa...

  6. Re:JavaScript Malware Open The Door to the Intrane by Ohreally_factor · · Score: 2, Funny

    Your grammar frightens and confuses me.

    --
    It's not offtopic, dumbass. It's orthogonal.