Slashdot Mirror


JavaScript Malware Open The Door to the Intranet

An anonymous reader writes "C|Net is reporting that JavaScript malware is opening the door for hackers to attack internal networks. During the Black Hat Briefings conference Jeremiah Grossman (CTO, WhiteHat Security) '...will be showing off how to get the internal IP address, how to scan internal networks, how to fingerprint and how to enter DSL routers ... As we're attacking the intranet using the browser, we're taking complete control over the browser.' According the the article, the presence of cross-site scripting vulnerabilities (XSS) dramatically increase the possible damage that can be caused. The issue also not which-browser-is-more-secure, as all major browsers are equally at risk. Grossman says 'The users really are at the mercy of the Web sites they visit. Users could turn off JavaScript, which really isn't a solution because so many Web sites rely on it.'"

3 of 169 comments (clear)

  1. JavaScript Malware Open The Door to the Intranet by Ohreally_factor · · Score: 5, Funny

    Caveman Zonk edit headline bad.

    --
    It's not offtopic, dumbass. It's orthogonal.
  2. Re:JavaScript Malware Open The Door to the Intrane by Exatron · · Score: 4, Funny

    Me, Grimlock, like headline. No want it change.

    --
    "I think so, Brain, but 'instant karma' always gets so lumpy." - Pinky
    "Decepticons FOREVER!!!" - Ravage
  3. NCSA Mosaic avoids this problem by shwonline · · Score: 3, Funny

    Ah, the simpler days of gray backgrounds and Times New Roman. None of these fancy tables, neither. And we had to walk 5 miles to school, uphill, in snow up to our hips. And 10 miles uphill to get back home. Kids today with their fancy JavaScript. No appreciation, none at all.

    --
    Do you have a flag?